Antivirus got turned off and will not turn back on


  • This topic is locked
32 replies to this topic

#1 sqarcle

Posted 10 January 2016 - 10:21 AM

Several weeks ago I noticed an alert on my computer that my antivirus (at the time it was Panda Security's free AV) was turned off. I tried turning it on through Windows' tool and it didn't work. When I tried opening Panda itself, it would take approximately 5 minutes for the window to open, then nothing inside it would be clickable. I assumed the issue was with Panda and uninstalled it, then got BitDefender's Total Security 2016 free trial.
 
That seemed to work better, but then the next day I was again getting the message from Windows that my antivirus was turned off. This time I opened BitDefender to check its status, and it said my computer was protected. I tried telling BitDefender to turn on through Windows' Action Centre, and then my status on the BitDefender window changed, and said that real time protection is turned off. I tried turning it on several times in the BitDefender window as well as through the Action Centre to no avail.
 
I downloaded and ran FRST, and following are the contents of the FRST.txt log. Thank you in advance to all those who help me!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by cookie (administrator) on LOLLIPOP (10-01-2016 10:00:35)
Running from C:\Users\cookie\Downloads
Loaded Profiles: cookie (Available Profiles: cookie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Flux Software LLC) C:\Users\cookie\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() F:\WDSync_v7_1_020.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1720488 2015-12-10] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [F.lux] => C:\Users\cookie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Google Update] => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Dropbox Update] => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1423288 2015-12-10] (Bitdefender)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-01-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F249FCB-81DC-4926-A792-CD7E26199F26}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{DA9169B1-DA52-4E82-8425-9FBF7B10E283}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> DefaultScope {76E202F3-D464-4763-A143-705F7C435601} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {1A66CBE7-5DFC-4C2D-BB8C-00E54510C07B} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {76E202F3-D464-4763-A143-705F7C435601} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-10] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-01-02] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-10] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-06] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-01-02] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-06] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-01-02] (LastPass)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-10] (Bitdefender)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-01-02] (LastPass)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-10] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-01-02] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2012-07-20] (Metaboli)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-01-02] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @talk.google.com/O1DPlugin -> C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @tools.google.com/Google Update;version=3 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @tools.google.com/Google Update;version=9 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: vsee.com/VSeeDetection -> C:\Users\cookie\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2013-07-29] (VSee Lab)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cookie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cookie\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Add to Amazon Wish List Button - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\amznUWL2@amazon.com.xpi [2015-05-29]
FF Extension: LastPass - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\support@lastpass.com [2016-01-04]
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\smile1Button@amazon.com.xpi [2015-05-29]
FF Extension: uBlock Origin - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\uBlock0@raymondhill.net.xpi [2016-01-07]
FF Extension: Boomerang for Gmail - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2015-08-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-17] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://gmail.com/","hxxp://facebook.com/","hxxp://tumblr.com/","hxxps://twitter.com/","hxxp://moodle.yorku.ca/","hxxp://mymail.yorku.ca/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Downloader Detector) - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (VSeeDetection) - C:\Users\cookie\AppData\Roaming\VSeeInstall\npVSeeDetection.dll (VSee Lab)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Profile: C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Add to Amazon Wish List) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-09-09]
CHR Extension: (uBlock Origin) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-09]
CHR Extension: (Google Search) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Bitdefender Wallet) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-01-09]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-02-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-09]
CHR Extension: (Ella Moss) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk [2014-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-30]
CHR Extension: (Gmail) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KMSServerService; C:\windows\KMSServerService\KMS Server Service.exe [211968 2014-12-27] (My Digital Life Forums) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1604080 2015-12-09] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [50408 2015-04-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-09-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 CORK95; C:\Windows\System32\drivers\CORK95.sys [25600 2012-10-31] ( ) [File not signed]
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [48808 2015-02-03] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [22696 2015-02-03] (Corsair)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [271808 2015-10-22] (Bitdefender)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 10:00 - 2016-01-10 10:01 - 00032247 _____ C:\Users\cookie\Downloads\FRST.txt
2016-01-10 09:59 - 2016-01-10 10:00 - 00000000 ____D C:\FRST
2016-01-10 09:58 - 2016-01-10 09:58 - 02370560 _____ (Farbar) C:\Users\cookie\Downloads\FRST64.exe
2016-01-09 15:06 - 2016-01-09 15:06 - 00001874 _____ C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\ELAN 4.9.2.lnk
2016-01-09 15:06 - 2016-01-09 15:06 - 00000000 ____D C:\Program Files (x86)\ELAN 4.9.2
2016-01-09 15:03 - 2016-01-09 15:05 - 80950717 _____ (Macrovision) C:\Users\cookie\Downloads\ELAN_4-9-2_win.exe
2016-01-09 12:55 - 2016-01-09 13:58 - 00001058 _____ C:\Users\cookie\Documents\github.txt
2016-01-07 09:27 - 2016-01-07 09:27 - 00000037 _____ C:\Users\cookie\Documents\adapt vocab.txt
2016-01-07 06:08 - 2016-01-07 06:08 - 00000385 _____ C:\Users\cookie\AppData\Roaminguser_gensett.xml
2016-01-06 09:33 - 2016-01-10 09:15 - 00003949 _____ C:\bdlog.txt
2016-01-05 09:02 - 2016-01-05 09:02 - 00413908 _____ C:\ProgramData\1452001207.bdinstall.bin
2016-01-05 09:02 - 2016-01-05 09:02 - 00000385 _____ C:\windows\system32\user_gensett.xml
2016-01-05 09:01 - 2016-01-05 09:01 - 00000684 ____H C:\bdr-cf01
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____D C:\ProgramData\BDLogging
2016-01-05 08:59 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\windows\capicom.dll
2016-01-05 08:58 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\windows\system32\Drivers\bdvedisk.sys
2016-01-05 08:58 - 2015-10-28 13:01 - 01600512 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2016-01-05 08:58 - 2015-10-22 14:02 - 00271808 _____ (Bitdefender) C:\windows\system32\Drivers\ignis.sys
2016-01-05 08:58 - 2015-09-17 21:24 - 00282000 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2016-01-05 08:58 - 2015-09-17 21:23 - 00775424 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2016-01-05 08:57 - 2016-01-05 09:07 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Bitdefender
2016-01-05 08:57 - 2016-01-05 09:01 - 00253404 ____H C:\bdr-ld01
2016-01-05 08:57 - 2016-01-05 09:01 - 00009216 ____H C:\bdr-ld01.mbr
2016-01-05 08:57 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im01.gz
2016-01-05 08:57 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz01
2016-01-05 08:18 - 2016-01-05 09:19 - 00000000 ____D C:\ProgramData\Bitdefender
2016-01-05 08:18 - 2015-04-29 13:32 - 00160032 ____N (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2016-01-05 08:17 - 2016-01-05 08:18 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-01-05 08:17 - 2016-01-05 08:17 - 00000000 ____D C:\Users\cookie\AppData\Roaming\QuickScan
2016-01-05 08:17 - 2016-01-05 08:17 - 00000000 ____D C:\Program Files\Bitdefender
2016-01-05 08:17 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2016-01-05 08:13 - 2016-01-10 09:17 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-01-05 08:13 - 2016-01-05 08:13 - 09736896 _____ C:\Users\cookie\Downloads\bitdefender_antivirus.exe
2016-01-05 08:13 - 2016-01-05 08:13 - 00003640 _____ C:\windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-01-05 08:13 - 2016-01-05 08:13 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-01-04 20:00 - 2016-01-04 20:00 - 00162208 _____ C:\Users\cookie\Downloads\Antivirus_Free_Edition.exe
2016-01-04 19:36 - 2016-01-04 19:37 - 00757656 _____ C:\Users\cookie\Downloads\UNINSTALLER.exe
2015-12-30 12:38 - 2015-12-30 12:38 - 00000737 _____ C:\Users\cookie\Documents\back bend sequence.txt
2015-12-30 00:31 - 2015-12-30 00:31 - 00514238 _____ C:\Users\cookie\Documents\TBS Order Confirmation.pdf
2015-12-29 23:06 - 2015-12-29 23:06 - 00085064 _____ C:\Users\cookie\Documents\TBS Gift Card.pdf
2015-12-28 16:37 - 2015-12-28 16:37 - 05124251 _____ C:\Users\cookie\Documents\530180+Natural+Selection (1).pdf
2015-12-23 16:52 - 2015-12-23 16:52 - 00000116 _____ C:\Users\cookie\Documents\python.txt
2015-12-23 14:42 - 2015-12-28 13:38 - 00000161 _____ C:\Users\cookie\Documents\script.txt
2015-12-12 16:42 - 2015-12-12 17:07 - 00000000 ____D C:\Users\cookie\Documents\ShareX
2015-12-12 16:40 - 2015-12-12 16:40 - 01626489 _____ (ShareX Developers ) C:\Users\cookie\Downloads\ShareX-8.4.1-setup.exe
2015-12-12 16:40 - 2015-12-12 16:40 - 00000000 ____D C:\Users\cookie\AppData\Roaming\ZScreen
2015-12-12 16:40 - 2015-12-12 16:40 - 00000000 ____D C:\Users\cookie\AppData\Local\ZScreen
2015-12-12 16:38 - 2016-01-09 10:56 - 00000000 ____D C:\Program Files\ZScreen
2015-12-12 16:36 - 2015-12-12 16:37 - 01967283 _____ (ZScreen ) C:\Users\cookie\Downloads\ZScreen-4.0.5.2310-setup.exe
2015-12-12 09:19 - 2015-12-12 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-12 09:17 - 2015-12-12 09:19 - 00000000 ____D C:\Program Files\iTunes
2015-12-12 09:17 - 2015-12-12 09:17 - 00000000 ____D C:\Program Files\iPod
2015-12-12 09:17 - 2015-12-12 09:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-12 09:15 - 2015-12-12 09:15 - 00000000 ____D C:\Program Files\Bonjour
2015-12-12 09:15 - 2015-12-12 09:15 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-12 09:13 - 2015-12-12 09:13 - 00000000 ____D C:\windows\System32\Tasks\Apple
2015-12-12 09:13 - 2015-12-12 09:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-12 09:08 - 2015-12-12 09:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-12 09:08 - 2015-12-12 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 10:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-10 09:49 - 2014-01-02 19:25 - 00000000 ____D C:\Users\cookie\AppData\LocalLow\LastPass
2016-01-10 09:38 - 2015-06-16 14:28 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job
2016-01-10 09:32 - 2013-04-27 18:25 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job
2016-01-10 09:32 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 09:32 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 09:26 - 2009-07-14 00:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-10 09:26 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-01-10 09:24 - 2012-11-12 10:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 09:19 - 2012-08-22 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-10 09:18 - 2012-09-04 07:55 - 00000000 ___RD C:\Users\cookie\Dropbox
2016-01-10 09:18 - 2012-08-08 12:23 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Dropbox
2016-01-10 09:17 - 2014-11-30 18:07 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 09:16 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-10 09:14 - 2015-03-29 16:01 - 00000000 ____D C:\Users\cookie\AppData\Local\CrashDumps
2016-01-10 09:14 - 2014-11-30 18:07 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 09:14 - 2013-04-27 18:25 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job
2016-01-10 02:23 - 2015-06-16 14:28 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job
2016-01-09 15:21 - 2015-07-21 14:36 - 00000000 ____D C:\Program Files (x86)\ELAN_4.9.1
2016-01-09 15:20 - 2015-06-23 08:45 - 00000000 ____D C:\Program Files (x86)\ELAN_4.9.0
2016-01-09 15:08 - 2014-12-14 15:27 - 00000000 ____D C:\Program Files (x86)\ELAN 4.8.1
2016-01-08 11:56 - 2015-03-31 08:11 - 00000000 ___SD C:\windows\system32\GWX
2016-01-08 11:56 - 2014-12-27 08:24 - 00000000 ____D C:\Program Files\KMSpico
2016-01-08 11:56 - 2012-08-22 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-08 11:56 - 2012-08-08 13:57 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-01-08 11:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2016-01-08 11:55 - 2014-12-26 23:11 - 00000000 __RHD C:\MSOCache
2016-01-08 08:58 - 2012-08-08 11:46 - 00000000 ____D C:\Users\cookie
2016-01-05 08:54 - 2012-08-08 11:50 - 00113928 _____ C:\Users\cookie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-05 08:35 - 2009-07-13 23:45 - 00507600 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-05 08:30 - 2013-04-21 17:41 - 00000000 ____D C:\ProgramData\NexonUS
2016-01-04 19:39 - 2014-06-14 08:25 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Panda Security
2016-01-04 08:24 - 2015-05-04 12:56 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-01-02 16:58 - 2013-10-25 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2016-01-02 16:58 - 2013-10-25 16:12 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2016-01-02 14:20 - 2012-11-12 10:47 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 14:19 - 2012-11-12 10:47 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:19 - 2011-11-01 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-18 15:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-17 06:33 - 2012-08-22 05:24 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Mozilla
2015-12-17 05:58 - 2015-07-13 13:22 - 00000000 ____D C:\Users\cookie\AppData\Local\Spotify
2015-12-17 05:58 - 2015-07-13 13:21 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Spotify
2015-12-12 09:35 - 2012-09-06 11:44 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Apple Computer
2015-12-12 09:17 - 2014-10-10 15:25 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-12-12 09:17 - 2013-11-11 20:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-12 09:13 - 2013-11-11 20:29 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

==================== Files in the root of some directories =======

2014-01-02 19:26 - 2014-01-02 19:26 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-07 17:42 - 2013-07-07 17:42 - 0000037 ___SH () C:\Users\cookie\AppData\Local\70149b02515b3bb20dd492.47983420
2013-06-08 11:47 - 2014-09-15 16:27 - 0000600 _____ () C:\Users\cookie\AppData\Local\PUTTY.RND
2016-01-05 09:02 - 2016-01-05 09:02 - 0413908 _____ () C:\ProgramData\1452001207.bdinstall.bin
2012-08-15 15:16 - 2014-12-14 17:31 - 0015687 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\cookie\comcat5.dll


Some files in TEMP:
====================
C:\Users\cookie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3yzmep.dll
C:\Users\cookie\AppData\Local\Temp\ICReinstall_Adobe Garamond Pro Regular.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\NGM.exe
C:\Users\cookie\AppData\Local\Temp\NGMDll.dll
C:\Users\cookie\AppData\Local\Temp\NGMResource.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-31 01:58

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by cookie (2016-01-10 10:02:51)
Running from C:\Users\cookie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-08 16:46:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2696656946-2823728835-2560566368-500 - Administrator - Disabled)
cookie (S-1-5-21-2696656946-2823728835-2560566368-1001 - Administrator - Enabled) => C:\Users\cookie
Guest (S-1-5-21-2696656946-2823728835-2560566368-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{54813D9E-06CB-128C-A78F-A93AD4588598}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 RC (x32 Version: 3.2 - Microsoft Corporation) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AzureTools.Notifications (x32 Version: 2.6.30331.1601 - Microsoft Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 10.11.0.2338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.11.0.2338 - Bullzip)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dotfuscator and Analytics Community Edition 5.18.0 (x32 Version: 5.18.0.2789 - PreEmptive Solutions) Hidden
Download Windows Universal Tools (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Downloader (HKLM-x32\...\Downloader) (Version: - )
Dropbox (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ELAN 4.9.2 (HKLM-x32\...\ELAN 4.9.2) (Version: 4.9.2.0 - MPI - The Language Archive)
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
f.lux (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Flux) (Version: - )
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: - )
Free Scan to PDF (HKLM-x32\...\{11586A4D-F255-4D52-A612-7D2DAADC1773}) (Version: 1.0.0 - freepdfsolutions.com)
Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
IIS 10.0 Express (HKLM\...\{5456A561-2429-411B-B2C8-CAE4411D446B}) (Version: 10.0.1733 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Jaikoz (64-bit) 8.2.5 (HKLM\...\Jaikoz (64-bit) 8.2.5) (Version: 8.2.5 - )
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (ENU) (HKLM-x32\...\{E689C2B1-3711-4FF7-95C4-1F4932A2B493}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (HKLM-x32\...\{F1052F45-79C1-48D6-979F-CC5B6F864615}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC SDK (HKLM-x32\...\{7318F8D8-AFC9-499C-9909-1CA56E7E7FB4}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta4 (HKLM\...\{a87918f8-8462-36ae-ab64-5bac8473c726}) (Version: 1.0.10413.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.22823 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50325.0) (HKLM-x32\...\{91A6AD24-DADE-407B-B19B-65000C22B931}) (Version: 14.0.50325.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 RC (HKLM-x32\...\{d79c19c8-760e-4fc2-a85a-8a89093b59e6}) (Version: 14.0.22823 - Microsoft Corporation)
Microsoft Web Deploy 3.6 Beta3 (HKLM\...\{07F0FC77-282E-42E5-BAE6-B8C098F8453E}) (Version: 3.1238.1942 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
pomodairo (HKLM-x32\...\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1) (Version: 1.9 - UNKNOWN)
pomodairo (x32 Version: 1.9 - UNKNOWN) Hidden
Popcorn Time (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Popcorn Time) (Version: - Popcorn Official)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4 matplotlib-1.4.2 (HKLM-x32\...\matplotlib-py3.4) (Version: - )
Python 3.4 numpy-1.8.1 (HKLM-x32\...\numpy-py3.4) (Version: - )
Python 3.4 pyparsing-2.0.3 (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\pyparsing-py3.4) (Version: - )
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 0.7.4100.000 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.6.22) (Version: 1.6.22 - Atlassian)
SourceTree (x32 Version: 1.6.22 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22821 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Tixati (HKLM-x32\...\tixati) (Version: - )
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TypeScript Power Tool (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.10058 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSee (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\VSee) (Version: 14.0.0.220 - VSee Lab Inc)
WCF Data Services 5.6.2 Runtime (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2014 (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YNAB 4 version 4.3.820 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.820 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0458DC26-7C70-48CA-BB0A-9BDBDB6F8599} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1992ED17-AAB7-4C90-B0D2-49E94C500DFB} - System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => pcalua.exe -a F:\setup.exe -d F:\
Task: {1CA2097B-E967-4F41-BB6F-6617731D84FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {214FAE51-B12E-4A99-AA64-472EF09B2C9F} - System32\Tasks\{238DB05A-EFF0-47BD-B113-9F8FFC850B9D} => pcalua.exe -a C:\Users\cookie\Downloads\setuptools-0.6c11.win32-py2.7.exe -d C:\Users\cookie\Downloads
Task: {2A88784C-D4A3-4854-B915-0D354B8E2B40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {2BB3A57D-9FC5-4F85-9400-892029C3CA11} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {33DF5B3A-F107-4667-B76E-F7CE984358D5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {3D3396AF-E764-4FB8-8E49-96CEFAECF96C} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)
Task: {45C1E98A-8DDF-4E1C-BACD-EB33F63531E9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {4853084B-9873-4FE0-B413-0B228CE0577C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {4C9A947D-4036-4E41-8D6C-76AD56B9CA50} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-30] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A4ECFADE-6481-437C-99BA-3CC54BA2EA99} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {AA5493A6-27FF-4CE1-8D3C-179BC9748B28} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {AFB5320E-84F5-47D5-B400-111F92AD59DA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {B22973F6-4601-4EC4-8D3E-0DBF50B0C753} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B679D990-8055-4934-89F4-4139356C7E06} - System32\Tasks\{82E7D476-174B-4272-B099-5D3B06A7567E} => Firefox.exe hxxp://ui.skype.com/ui/0/7.7.85.103/en/abandoninstall?page=tsBing
Task: {C969C709-02A2-4899-8ED2-5B0C0B64FC7E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {DBF5B2B6-7444-48ED-A009-15AB86FBD5A1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DEF536B2-EAE0-4020-B486-095B6545FD5E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {E4749B25-424E-4608-B6F4-797D1ED92605} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E924B388-6B50-480D-90C1-E153B2FA5190} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} - System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => pcalua.exe -a F:\WD_Windows_Tools\setup.exe -d F:\WD_Windows_Tools
Task: {F11FC597-5041-4BF1-90F8-813C851E50B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F3B71EFC-53A1-4AB4-BE56-E2B469AC7912} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW\MinGW Shell.lnk -> C:\MinGW\msys\1.0\msys.bat ()

ShortcutWithArgument: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Type IPA phonetic symbols - online keyboard (all languages).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://ipa.typeit.org/full/

==================== Loaded Modules (Whitelisted) ==============

2016-01-05 08:58 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-01-05 08:58 - 2015-12-03 19:22 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2015-09-16 07:12 - 2015-09-16 07:12 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2008-02-13 11:46 - 2008-02-13 11:46 - 04523520 _____ () F:\WDSync_v7_1_020.exe
2015-01-21 14:59 - 2015-01-21 14:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-10 22:26 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-10 22:26 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-10 22:26 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-10 22:26 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-10 22:26 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-11-11 18:08 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 08:02 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2016-01-04 14:22 - 2016-01-04 14:22 - 01114648 _____ () C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-01-21 14:58 - 2015-01-21 14:58 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cookie\Documents\PatilEtAlCogSci2014.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\Stretching Scientifically - Thomas Kurz.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\TBS Gift Card.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\TBS Order Confirmation.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-10 09:17 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Corsair K95 => C:\Program Files (x86)\Corsair\K95 Keyboard\K95Hid.exe
MSCONFIG\startupreg: Google Update => "C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\cookie\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\cookie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: VSee => "C:\Users\cookie\AppData\Roaming\VSeeInstall\vsee.exe" -quiet_start
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{FAD4662C-4823-40B1-8390-C5F9F9F08391}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{3888AA40-D141-4FD5-BC14-6B99D364442A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{361BF55A-7068-4314-BB4E-27FD022C26AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BB7AFD27-1215-4443-842C-DC35B1B32E4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AF099B6A-7595-461F-A167-FB85C3A05CE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{8E424440-13D5-45D0-B5CD-62A000D4462D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{2962F176-ECB3-45DE-BC2D-1A28BF12ED97}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{B8B5E582-B818-49DA-9D93-117C49FCFC26}] => (Allow) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C189DED-94B0-4D13-B276-9C5E9246C47E}] => (Allow) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{6685C054-5334-413B-89A6-AC0597464669}C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A3295C83-FDE9-4D90-B09C-83F2756F25B2}C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B813A9F3-BEAB-4682-971A-EFDF19DA40A3}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [UDP Query User{E80903A0-CE8B-4710-A1DF-C46147D80A5D}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [TCP Query User{BAA2EA8F-640C-4D04-AA6E-F1C24F6AB3E6}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{6533D639-AD71-485E-A8B6-75EA1DF3EB1A}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{698BEADD-63AA-42B9-BE90-1B5F3DF76648}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{ABA78EF4-9557-48FF-94EB-ED3F16CB1BCB}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{3EE0A7A6-BD26-41C1-87C1-F05B86B611D6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{8D66CBDA-AE0A-4006-AE07-F26AF15DBB2F}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{BDB29141-B9DB-43DF-8F56-3A398B5A0514}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6369B061-C267-4C19-B6D4-C21FEBEE60C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84800ADD-DA3D-4107-80F0-C35C8CC89B9B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{CA2B9728-B991-4643-9CA2-239DE0FE28B3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3D505A25-A48C-41D8-AD60-0AFF5FD7AAA5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{29EF8B9E-7632-4EB4-AC1D-84E178971327}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{792DBD7F-FE33-440F-90E0-DF07712D6500}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{D6966832-AA0B-41E9-82DE-D4A529CDD2C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{5329D4F3-2F02-4AA4-B65F-49E680B1203A}] => (Allow) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2B5526CD-B730-457C-84A9-91E40955A2B7}] => (Allow) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0ADD25F0-7FE0-4223-BE90-B1D3724FEC8B}] => (Allow) C:\Users\cookie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B7DF4A8-B6B5-4753-AB4E-37D9FED314BF}] => (Allow) C:\Users\cookie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2A457B53-F5B0-41C9-8C7B-79A1E2B57034}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [UDP Query User{F9BED84F-14BC-4D3A-ADD8-60A9432EFC5E}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [{5B2921BA-A9E3-4D98-BD3B-AE8BEC06DE09}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7BE03DCF-2A47-4DB3-A211-10003559D632}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{9C3D7007-F7F6-4D77-8C5E-008A11FB6116}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8E9D3528-C72D-4208-92F9-008A8B618F73}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E7D5776A-0A71-4044-8235-2AD13D374594}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79997FC4-35B2-49F3-A02F-DEA543FA6FAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F80BEA8D-4B54-4758-871E-C987AA1F1272}C:\python34\pythonw.exe] => (Allow) C:\python34\pythonw.exe
FirewallRules: [UDP Query User{02848205-E3BC-4D5D-A22E-8CD40D83160A}C:\python34\pythonw.exe] => (Allow) C:\python34\pythonw.exe
FirewallRules: [TCP Query User{6DEE97AA-412A-465E-9A72-50A7CC57B6F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0E2CE1EB-95A8-4C57-B5B5-8505B52D7D37}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4CB4C8A6-A9D2-4879-BA2D-A62CE5EDB365}C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{1ED3C7D3-4A9D-48E1-992E-BC2F9B0D85C4}C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{25657DF7-0673-42AA-B2B7-D3EE6795DB8C}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{5A939AD3-40C9-465E-93CE-7F2A970EB55A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{29B47F14-403D-476C-81C8-63FBBE4E1E8D}] => (Allow) C:\Users\cookie\AppData\Local\Temp\nsq290E.tmp\CnetInstaller-10067444.exe
FirewallRules: [{C32EEF61-6C1F-44B5-937C-1CB90B61AA2F}] => (Allow) C:\Users\cookie\AppData\Local\Temp\nsq290E.tmp\CnetInstaller-10067444.exe
FirewallRules: [{011900C2-2C8F-4233-AF64-F5CBFA15932D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{DB447168-F411-48A3-B01C-9C43C4514074}C:\users\cookie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9AE044CE-D719-44AD-B74C-03A31189AADF}C:\users\cookie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E4FBFB0-647B-4830-9032-E94BA61FC6F7}] => (Block) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A4F68DA2-9089-4351-9DE8-D0E68E810461}] => (Block) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3792A563-FA48-479F-83B1-1E806946456A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B27A4DE-055E-4E36-9054-52DA7683A45C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04206D19-C56A-42CF-9DB4-C5D93E7425ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2453ACCB-876D-4D23-B09E-AC0EB94B1CFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B522D5D5-5C8C-470B-A2F7-C202F44A301C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C17C43FE-20FF-4A4B-976A-4CEEC3B38B61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C44DEDF-3A95-4B51-AA5D-A9B31B9C41F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDFD1B7A-80E8-4012-80FF-0FDDF5FE882C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{10536039-1730-4216-A635-989F0808BEDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{191AC203-D372-4967-86AB-E88DDC725203}] => (Allow) LPort=1688
FirewallRules: [{C6D7E7EB-FF80-46CA-9F87-ED7172E7868F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{13E636D3-C917-4F03-9D12-AF31494CEDE5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

==================== Restore Points =========================

06-01-2016 04:23:40 Scheduled Checkpoint
06-01-2016 05:51:30 Windows Update

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2016 10:03:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "NdkApi,type="win32",version="1.0.0.1"1".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2016 09:55:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1584

Start Time: 01d14bb1a0d888b0

Termination Time: 301

Application Path: C:\windows\Explorer.EXE

Report Id: 2e691d3d-b7aa-11e5-9faa-047d7b6eab86

Error: (01/10/2016 09:27:22 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6CKHM
ACID=?
Detailed Error[?]

Error: (01/10/2016 09:19:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "NdkApi,type="win32",version="1.0.0.1"1".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2016 09:18:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2016 09:17:25 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=6CKHM
ACID=?
Detailed Error[?]

Error: (01/10/2016 09:14:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.1.5828, time stamp: 0x56723a12
Faulting module name: mozglue.dll, version: 43.0.1.5828, time stamp: 0x56722c0b
Exception code: 0x80000003
Fault offset: 0x0000ed63
Faulting process id: 0x10c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/10/2016 09:14:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: psprofiler.exe, version: 4.0.0.21, time stamp: 0x5448c49c
Faulting module name: psprofiler.exe, version: 4.0.0.21, time stamp: 0x5448c49c
Exception code: 0xc0000005
Fault offset: 0x0001be23
Faulting process id: 0x17bc
Faulting application start time: 0xpsprofiler.exe0
Faulting application path: psprofiler.exe1
Faulting module path: psprofiler.exe2
Report Id: psprofiler.exe3

Error: (01/10/2016 09:14:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "NdkApi,type="win32",version="1.0.0.1"1".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2016 09:14:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "NdkApi,type="win32",version="1.0.0.1"1".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/10/2016 09:17:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/10/2016 09:17:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2

Error: (01/10/2016 09:17:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Protection Service service failed to start due to the following error:
%%2

Error: (01/10/2016 09:16:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/10/2016 09:14:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/10/2016 02:41:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/09/2016 07:42:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/09/2016 07:42:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (01/08/2016 06:06:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/08/2016 06:06:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2016-01-04 19:42:07.257
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:07.179
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:07.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:06.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:06.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:06.820
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:06.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:06.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:42:06.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-04 19:38:44.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 3558.87 MB
Available physical RAM: 1396.96 MB
Total Virtual: 7115.94 MB
Available Virtual: 4433.65 MB

==================== Drives ================================

Drive c: (TI106304W0E) (Fixed) (Total:580.04 GB) (Free:259.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (My Passport) (Fixed) (Total:298.01 GB) (Free:293.36 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 52A8BCE0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=17)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End of Addition.txt ============================
==================== End of FRST.txt ============================


Edited by Oh My!, 13 January 2016 - 11:24 AM.



#2 Oh My!

  • Malware Response Instructor
  • 37,022 posts

Posted 13 January 2016 - 11:25 AM

Greetings sqarcle and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2013 and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt and post both logs. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 sqarcle

  • Topic Starter

  • Members
  • 16 posts

Posted 13 January 2016 - 06:30 PM

Hi Gary, my name is Vanessa.

I've uninstalled Microsoft Office and rerun FRST. Following are the logs:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by cookie (administrator) on LOLLIPOP (13-01-2016 18:26:00)
Running from C:\Users\cookie\Desktop
Loaded Profiles: cookie (Available Profiles: cookie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Flux Software LLC) C:\Users\cookie\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Dropbox, Inc.) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1720488 2015-12-10] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [F.lux] => C:\Users\cookie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Google Update] => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Dropbox Update] => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1423288 2015-12-10] (Bitdefender)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-01-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F249FCB-81DC-4926-A792-CD7E26199F26}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{DA9169B1-DA52-4E82-8425-9FBF7B10E283}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> DefaultScope {76E202F3-D464-4763-A143-705F7C435601} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {1A66CBE7-5DFC-4C2D-BB8C-00E54510C07B} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {76E202F3-D464-4763-A143-705F7C435601} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-10] (Bitdefender)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-01-02] (LastPass)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-10] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-06] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-01-02] (LastPass)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-06] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-01-02] (LastPass)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-10] (Bitdefender)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-01-02] (LastPass)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-10] (Bitdefender)

FireFox:
========
FF ProfilePath: C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-01-02] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2012-07-20] (Metaboli)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-01-02] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @talk.google.com/O1DPlugin -> C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @tools.google.com/Google Update;version=3 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @tools.google.com/Google Update;version=9 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: vsee.com/VSeeDetection -> C:\Users\cookie\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2013-07-29] (VSee Lab)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cookie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cookie\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Add to Amazon Wish List Button - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\amznUWL2@amazon.com.xpi [2015-05-29]
FF Extension: LastPass - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\support@lastpass.com [2016-01-04]
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\smile1Button@amazon.com.xpi [2015-05-29]
FF Extension: uBlock Origin - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\uBlock0@raymondhill.net.xpi [2016-01-11]
FF Extension: Boomerang for Gmail - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2015-08-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-17] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://gmail.com/","hxxp://facebook.com/","hxxp://tumblr.com/","hxxps://twitter.com/","hxxp://moodle.yorku.ca/","hxxp://mymail.yorku.ca/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Downloader Detector) - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (VSeeDetection) - C:\Users\cookie\AppData\Roaming\VSeeInstall\npVSeeDetection.dll (VSee Lab)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Profile: C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Add to Amazon Wish List) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-09-09]
CHR Extension: (uBlock Origin) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-09]
CHR Extension: (Google Search) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Bitdefender Wallet) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-01-09]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-02-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-09]
CHR Extension: (Ella Moss) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk [2014-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-30]
CHR Extension: (Gmail) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KMSServerService; C:\windows\KMSServerService\KMS Server Service.exe [211968 2014-12-27] (My Digital Life Forums) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1604080 2015-12-09] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [50408 2015-04-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-09-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 CORK95; C:\Windows\System32\drivers\CORK95.sys [25600 2012-10-31] ( ) [File not signed]
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [48808 2015-02-03] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [22696 2015-02-03] (Corsair)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [271808 2015-10-22] (Bitdefender)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 18:26 - 2016-01-13 18:26 - 00030670 _____ C:\Users\cookie\Desktop\FRST.txt
2016-01-12 10:05 - 2016-01-12 10:05 - 00000000 ____D C:\Users\cookie\Documents\5 Minute Yoga
2016-01-11 07:45 - 2016-01-11 08:03 - 00000194 _____ C:\Users\cookie\Documents\adapt scattergories.txt
2016-01-10 09:59 - 2016-01-13 18:26 - 00000000 ____D C:\FRST
2016-01-10 09:58 - 2016-01-10 09:58 - 02370560 _____ (Farbar) C:\Users\cookie\Desktop\FRST64.exe
2016-01-09 15:06 - 2016-01-09 15:06 - 00001874 _____ C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\ELAN 4.9.2.lnk
2016-01-09 15:06 - 2016-01-09 15:06 - 00000000 ____D C:\Program Files (x86)\ELAN 4.9.2
2016-01-09 15:03 - 2016-01-09 15:05 - 80950717 _____ (Macrovision) C:\Users\cookie\Downloads\ELAN_4-9-2_win.exe
2016-01-09 12:55 - 2016-01-09 13:58 - 00001058 _____ C:\Users\cookie\Documents\github.txt
2016-01-07 09:27 - 2016-01-07 09:27 - 00000037 _____ C:\Users\cookie\Documents\adapt vocab.txt
2016-01-07 06:08 - 2016-01-07 06:08 - 00000385 _____ C:\Users\cookie\AppData\Roaminguser_gensett.xml
2016-01-06 09:33 - 2016-01-12 21:49 - 00004739 _____ C:\bdlog.txt
2016-01-05 09:02 - 2016-01-05 09:02 - 00413908 _____ C:\ProgramData\1452001207.bdinstall.bin
2016-01-05 09:02 - 2016-01-05 09:02 - 00000385 _____ C:\windows\system32\user_gensett.xml
2016-01-05 09:01 - 2016-01-05 09:01 - 00000684 ____H C:\bdr-cf01
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____D C:\ProgramData\BDLogging
2016-01-05 08:59 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\windows\capicom.dll
2016-01-05 08:58 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\windows\system32\Drivers\bdvedisk.sys
2016-01-05 08:58 - 2015-10-28 13:01 - 01600512 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2016-01-05 08:58 - 2015-10-22 14:02 - 00271808 _____ (Bitdefender) C:\windows\system32\Drivers\ignis.sys
2016-01-05 08:58 - 2015-09-17 21:24 - 00282000 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2016-01-05 08:58 - 2015-09-17 21:23 - 00775424 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2016-01-05 08:57 - 2016-01-05 09:07 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Bitdefender
2016-01-05 08:57 - 2016-01-05 09:01 - 00253404 ____H C:\bdr-ld01
2016-01-05 08:57 - 2016-01-05 09:01 - 00009216 ____H C:\bdr-ld01.mbr
2016-01-05 08:57 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im01.gz
2016-01-05 08:57 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz01
2016-01-05 08:18 - 2016-01-05 09:19 - 00000000 ____D C:\ProgramData\Bitdefender
2016-01-05 08:18 - 2015-04-29 13:32 - 00160032 ____N (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2016-01-05 08:17 - 2016-01-05 08:18 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-01-05 08:17 - 2016-01-05 08:17 - 00000000 ____D C:\Users\cookie\AppData\Roaming\QuickScan
2016-01-05 08:17 - 2016-01-05 08:17 - 00000000 ____D C:\Program Files\Bitdefender
2016-01-05 08:17 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2016-01-05 08:13 - 2016-01-13 17:56 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-01-05 08:13 - 2016-01-05 08:13 - 09736896 _____ C:\Users\cookie\Downloads\bitdefender_antivirus.exe
2016-01-05 08:13 - 2016-01-05 08:13 - 00003640 _____ C:\windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-01-05 08:13 - 2016-01-05 08:13 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-01-04 20:00 - 2016-01-04 20:00 - 00162208 _____ C:\Users\cookie\Downloads\Antivirus_Free_Edition.exe
2016-01-04 19:36 - 2016-01-04 19:37 - 00757656 _____ C:\Users\cookie\Downloads\UNINSTALLER.exe
2015-12-30 12:38 - 2015-12-30 12:38 - 00000737 _____ C:\Users\cookie\Documents\back bend sequence.txt
2015-12-30 00:31 - 2015-12-30 00:31 - 00514238 _____ C:\Users\cookie\Documents\TBS Order Confirmation.pdf
2015-12-29 23:06 - 2015-12-29 23:06 - 00085064 _____ C:\Users\cookie\Documents\TBS Gift Card.pdf
2015-12-28 16:37 - 2015-12-28 16:37 - 05124251 _____ C:\Users\cookie\Documents\530180+Natural+Selection (1).pdf
2015-12-23 16:52 - 2015-12-23 16:52 - 00000116 _____ C:\Users\cookie\Documents\python.txt
2015-12-23 14:42 - 2015-12-28 13:38 - 00000161 _____ C:\Users\cookie\Documents\script.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 18:24 - 2012-11-12 10:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-13 18:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-13 18:06 - 2014-11-30 18:07 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-13 18:03 - 2012-08-08 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 18:01 - 2014-12-26 23:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-13 18:01 - 2010-11-21 02:16 - 00000000 ____D C:\windows\ShellNew
2016-01-13 17:58 - 2012-09-04 07:55 - 00000000 ___RD C:\Users\cookie\Dropbox
2016-01-13 17:58 - 2009-07-13 21:34 - 00000387 _____ C:\windows\win.ini
2016-01-13 17:56 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-13 17:38 - 2015-06-16 14:28 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job
2016-01-13 17:32 - 2013-04-27 18:25 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job
2016-01-13 17:01 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 17:01 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 16:58 - 2009-07-14 00:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-13 16:58 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-01-13 12:22 - 2014-11-30 18:07 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 06:46 - 2014-01-02 19:25 - 00000000 ____D C:\Users\cookie\AppData\LocalLow\LastPass
2016-01-13 06:46 - 2012-08-22 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-13 06:45 - 2012-08-22 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-13 06:45 - 2012-08-08 12:23 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Dropbox
2016-01-13 06:44 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-12 20:38 - 2015-06-16 14:28 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job
2016-01-12 07:49 - 2013-04-27 18:25 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job
2016-01-10 10:17 - 2015-03-29 16:01 - 00000000 ____D C:\Users\cookie\AppData\Local\CrashDumps
2016-01-09 15:21 - 2015-07-21 14:36 - 00000000 ____D C:\Program Files (x86)\ELAN_4.9.1
2016-01-09 15:20 - 2015-06-23 08:45 - 00000000 ____D C:\Program Files (x86)\ELAN_4.9.0
2016-01-09 15:08 - 2014-12-14 15:27 - 00000000 ____D C:\Program Files (x86)\ELAN 4.8.1
2016-01-09 10:56 - 2015-12-12 16:38 - 00000000 ____D C:\Program Files\ZScreen
2016-01-08 11:56 - 2015-03-31 08:11 - 00000000 ___SD C:\windows\system32\GWX
2016-01-08 11:56 - 2014-12-27 08:24 - 00000000 ____D C:\Program Files\KMSpico
2016-01-08 11:56 - 2012-08-08 13:57 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-01-08 11:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2016-01-08 08:58 - 2012-08-08 11:46 - 00000000 ____D C:\Users\cookie
2016-01-05 08:54 - 2012-08-08 11:50 - 00113928 _____ C:\Users\cookie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-05 08:35 - 2009-07-13 23:45 - 00507600 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-05 08:30 - 2013-04-21 17:41 - 00000000 ____D C:\ProgramData\NexonUS
2016-01-04 19:39 - 2014-06-14 08:25 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Panda Security
2016-01-04 08:24 - 2015-05-04 12:56 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-01-02 16:58 - 2013-10-25 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2016-01-02 16:58 - 2013-10-25 16:12 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2016-01-02 14:20 - 2012-11-12 10:47 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 14:19 - 2012-11-12 10:47 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:19 - 2011-11-01 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-18 15:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-17 06:33 - 2012-08-22 05:24 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Mozilla
2015-12-17 05:58 - 2015-07-13 13:22 - 00000000 ____D C:\Users\cookie\AppData\Local\Spotify
2015-12-17 05:58 - 2015-07-13 13:21 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Spotify

==================== Files in the root of some directories =======

2014-01-02 19:26 - 2014-01-02 19:26 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-07 17:42 - 2013-07-07 17:42 - 0000037 ___SH () C:\Users\cookie\AppData\Local\70149b02515b3bb20dd492.47983420
2013-06-08 11:47 - 2014-09-15 16:27 - 0000600 _____ () C:\Users\cookie\AppData\Local\PUTTY.RND
2016-01-05 09:02 - 2016-01-05 09:02 - 0413908 _____ () C:\ProgramData\1452001207.bdinstall.bin
2012-08-15 15:16 - 2014-12-14 17:31 - 0015687 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\cookie\comcat5.dll


Some files in TEMP:
====================
C:\Users\cookie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3yzmep.dll
C:\Users\cookie\AppData\Local\Temp\ICReinstall_Adobe Garamond Pro Regular.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\NGM.exe
C:\Users\cookie\AppData\Local\Temp\NGMDll.dll
C:\Users\cookie\AppData\Local\Temp\NGMResource.dll
C:\Users\cookie\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-10 13:53

==================== End of FRST.txt ============================

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by cookie (2016-01-13 18:26:57)
Running from C:\Users\cookie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-08 16:46:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2696656946-2823728835-2560566368-500 - Administrator - Disabled)
cookie (S-1-5-21-2696656946-2823728835-2560566368-1001 - Administrator - Enabled) => C:\Users\cookie
Guest (S-1-5-21-2696656946-2823728835-2560566368-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{54813D9E-06CB-128C-A78F-A93AD4588598}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 RC (x32 Version: 3.2 - Microsoft Corporation) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AzureTools.Notifications (x32 Version: 2.6.30331.1601 - Microsoft Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 10.11.0.2338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.11.0.2338 - Bullzip)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dotfuscator and Analytics Community Edition 5.18.0 (x32 Version: 5.18.0.2789 - PreEmptive Solutions) Hidden
Download Windows Universal Tools (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Downloader (HKLM-x32\...\Downloader) (Version:  - )
Dropbox (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ELAN 4.9.2 (HKLM-x32\...\ELAN 4.9.2) (Version: 4.9.2.0 - MPI - The Language Archive)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
f.lux (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Flux) (Version:  - )
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version:  - )
Free Scan to PDF (HKLM-x32\...\{11586A4D-F255-4D52-A612-7D2DAADC1773}) (Version: 1.0.0 - freepdfsolutions.com)
Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
IIS 10.0 Express (HKLM\...\{5456A561-2429-411B-B2C8-CAE4411D446B}) (Version: 10.0.1733 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Jaikoz (64-bit) 8.2.5 (HKLM\...\Jaikoz (64-bit) 8.2.5) (Version: 8.2.5 - )
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (ENU) (HKLM-x32\...\{E689C2B1-3711-4FF7-95C4-1F4932A2B493}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (HKLM-x32\...\{F1052F45-79C1-48D6-979F-CC5B6F864615}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC SDK (HKLM-x32\...\{7318F8D8-AFC9-499C-9909-1CA56E7E7FB4}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta4 (HKLM\...\{a87918f8-8462-36ae-ab64-5bac8473c726}) (Version: 1.0.10413.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.22823 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50325.0) (HKLM-x32\...\{91A6AD24-DADE-407B-B19B-65000C22B931}) (Version: 14.0.50325.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 RC (HKLM-x32\...\{d79c19c8-760e-4fc2-a85a-8a89093b59e6}) (Version: 14.0.22823 - Microsoft Corporation)
Microsoft Web Deploy 3.6 Beta3 (HKLM\...\{07F0FC77-282E-42E5-BAE6-B8C098F8453E}) (Version: 3.1238.1942 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
pomodairo (HKLM-x32\...\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1) (Version: 1.9 - UNKNOWN)
pomodairo (x32 Version: 1.9 - UNKNOWN) Hidden
Popcorn Time (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Popcorn Time) (Version:  - Popcorn Official)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4 matplotlib-1.4.2 (HKLM-x32\...\matplotlib-py3.4) (Version:  - )
Python 3.4 numpy-1.8.1 (HKLM-x32\...\numpy-py3.4) (Version:  - )
Python 3.4 pyparsing-2.0.3 (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\pyparsing-py3.4) (Version:  - )
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 0.7.4100.000 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.6.22) (Version: 1.6.22 - Atlassian)
SourceTree (x32 Version: 1.6.22 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22821 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TypeScript Power Tool (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.10058 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSee (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\VSee) (Version: 14.0.0.220 - VSee Lab Inc)
WCF Data Services 5.6.2 Runtime (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2014 (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YNAB 4 version 4.3.820 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.820 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0458DC26-7C70-48CA-BB0A-9BDBDB6F8599} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1992ED17-AAB7-4C90-B0D2-49E94C500DFB} - System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => pcalua.exe -a F:\setup.exe -d F:\
Task: {1CA2097B-E967-4F41-BB6F-6617731D84FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {214FAE51-B12E-4A99-AA64-472EF09B2C9F} - System32\Tasks\{238DB05A-EFF0-47BD-B113-9F8FFC850B9D} => pcalua.exe -a C:\Users\cookie\Downloads\setuptools-0.6c11.win32-py2.7.exe -d C:\Users\cookie\Downloads
Task: {2A88784C-D4A3-4854-B915-0D354B8E2B40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {2BB3A57D-9FC5-4F85-9400-892029C3CA11} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {33DF5B3A-F107-4667-B76E-F7CE984358D5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {3D3396AF-E764-4FB8-8E49-96CEFAECF96C} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)
Task: {45C1E98A-8DDF-4E1C-BACD-EB33F63531E9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {4853084B-9873-4FE0-B413-0B228CE0577C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {4C9A947D-4036-4E41-8D6C-76AD56B9CA50} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-30] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A4ECFADE-6481-437C-99BA-3CC54BA2EA99} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {AA5493A6-27FF-4CE1-8D3C-179BC9748B28} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {AFB5320E-84F5-47D5-B400-111F92AD59DA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {B679D990-8055-4934-89F4-4139356C7E06} - System32\Tasks\{82E7D476-174B-4272-B099-5D3B06A7567E} => Firefox.exe hxxp://ui.skype.com/ui/0/7.7.85.103/en/abandoninstall?page=tsBing
Task: {C969C709-02A2-4899-8ED2-5B0C0B64FC7E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DEF536B2-EAE0-4020-B486-095B6545FD5E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {E4749B25-424E-4608-B6F4-797D1ED92605} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E924B388-6B50-480D-90C1-E153B2FA5190} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} - System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => pcalua.exe -a F:\WD_Windows_Tools\setup.exe -d F:\WD_Windows_Tools
Task: {F11FC597-5041-4BF1-90F8-813C851E50B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW\MinGW Shell.lnk -> C:\MinGW\msys\1.0\msys.bat ()

ShortcutWithArgument: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Type IPA phonetic symbols - online keyboard (all languages).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://ipa.typeit.org/full/

==================== Loaded Modules (Whitelisted) ==============

2016-01-05 08:58 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-01-05 08:58 - 2015-12-03 19:22 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-16 07:12 - 2015-09-16 07:12 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2015-12-10 22:26 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-10 22:26 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-10 22:26 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-10 22:26 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-10 22:26 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-11-11 18:08 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 08:02 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2016-01-04 14:22 - 2016-01-04 14:22 - 01114648 _____ () C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-12-28 13:26 - 2015-12-28 13:26 - 17882304 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cookie\Documents\PatilEtAlCogSci2014.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\Stretching Scientifically - Thomas Kurz.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\TBS Gift Card.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\TBS Order Confirmation.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-13 17:56 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Corsair K95 => C:\Program Files (x86)\Corsair\K95 Keyboard\K95Hid.exe
MSCONFIG\startupreg: Google Update => "C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\cookie\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\cookie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: VSee => "C:\Users\cookie\AppData\Roaming\VSeeInstall\vsee.exe" -quiet_start
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{FAD4662C-4823-40B1-8390-C5F9F9F08391}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{3888AA40-D141-4FD5-BC14-6B99D364442A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{361BF55A-7068-4314-BB4E-27FD022C26AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BB7AFD27-1215-4443-842C-DC35B1B32E4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AF099B6A-7595-461F-A167-FB85C3A05CE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{8E424440-13D5-45D0-B5CD-62A000D4462D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{2962F176-ECB3-45DE-BC2D-1A28BF12ED97}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{B8B5E582-B818-49DA-9D93-117C49FCFC26}] => (Allow) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C189DED-94B0-4D13-B276-9C5E9246C47E}] => (Allow) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{6685C054-5334-413B-89A6-AC0597464669}C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A3295C83-FDE9-4D90-B09C-83F2756F25B2}C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B813A9F3-BEAB-4682-971A-EFDF19DA40A3}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [UDP Query User{E80903A0-CE8B-4710-A1DF-C46147D80A5D}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [TCP Query User{BAA2EA8F-640C-4D04-AA6E-F1C24F6AB3E6}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{6533D639-AD71-485E-A8B6-75EA1DF3EB1A}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{698BEADD-63AA-42B9-BE90-1B5F3DF76648}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{ABA78EF4-9557-48FF-94EB-ED3F16CB1BCB}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{3EE0A7A6-BD26-41C1-87C1-F05B86B611D6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{8D66CBDA-AE0A-4006-AE07-F26AF15DBB2F}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{BDB29141-B9DB-43DF-8F56-3A398B5A0514}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6369B061-C267-4C19-B6D4-C21FEBEE60C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84800ADD-DA3D-4107-80F0-C35C8CC89B9B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{CA2B9728-B991-4643-9CA2-239DE0FE28B3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3D505A25-A48C-41D8-AD60-0AFF5FD7AAA5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{29EF8B9E-7632-4EB4-AC1D-84E178971327}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{792DBD7F-FE33-440F-90E0-DF07712D6500}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{D6966832-AA0B-41E9-82DE-D4A529CDD2C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{5329D4F3-2F02-4AA4-B65F-49E680B1203A}] => (Allow) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2B5526CD-B730-457C-84A9-91E40955A2B7}] => (Allow) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0ADD25F0-7FE0-4223-BE90-B1D3724FEC8B}] => (Allow) C:\Users\cookie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B7DF4A8-B6B5-4753-AB4E-37D9FED314BF}] => (Allow) C:\Users\cookie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2A457B53-F5B0-41C9-8C7B-79A1E2B57034}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [UDP Query User{F9BED84F-14BC-4D3A-ADD8-60A9432EFC5E}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [{E7D5776A-0A71-4044-8235-2AD13D374594}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79997FC4-35B2-49F3-A02F-DEA543FA6FAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F80BEA8D-4B54-4758-871E-C987AA1F1272}C:\python34\pythonw.exe] => (Allow) C:\python34\pythonw.exe
FirewallRules: [UDP Query User{02848205-E3BC-4D5D-A22E-8CD40D83160A}C:\python34\pythonw.exe] => (Allow) C:\python34\pythonw.exe
FirewallRules: [TCP Query User{6DEE97AA-412A-465E-9A72-50A7CC57B6F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0E2CE1EB-95A8-4C57-B5B5-8505B52D7D37}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4CB4C8A6-A9D2-4879-BA2D-A62CE5EDB365}C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{1ED3C7D3-4A9D-48E1-992E-BC2F9B0D85C4}C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{25657DF7-0673-42AA-B2B7-D3EE6795DB8C}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{5A939AD3-40C9-465E-93CE-7F2A970EB55A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{29B47F14-403D-476C-81C8-63FBBE4E1E8D}] => (Allow) C:\Users\cookie\AppData\Local\Temp\nsq290E.tmp\CnetInstaller-10067444.exe
FirewallRules: [{C32EEF61-6C1F-44B5-937C-1CB90B61AA2F}] => (Allow) C:\Users\cookie\AppData\Local\Temp\nsq290E.tmp\CnetInstaller-10067444.exe
FirewallRules: [{011900C2-2C8F-4233-AF64-F5CBFA15932D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{DB447168-F411-48A3-B01C-9C43C4514074}C:\users\cookie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9AE044CE-D719-44AD-B74C-03A31189AADF}C:\users\cookie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E4FBFB0-647B-4830-9032-E94BA61FC6F7}] => (Block) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A4F68DA2-9089-4351-9DE8-D0E68E810461}] => (Block) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3792A563-FA48-479F-83B1-1E806946456A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B27A4DE-055E-4E36-9054-52DA7683A45C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04206D19-C56A-42CF-9DB4-C5D93E7425ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2453ACCB-876D-4D23-B09E-AC0EB94B1CFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B522D5D5-5C8C-470B-A2F7-C202F44A301C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C17C43FE-20FF-4A4B-976A-4CEEC3B38B61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C44DEDF-3A95-4B51-AA5D-A9B31B9C41F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDFD1B7A-80E8-4012-80FF-0FDDF5FE882C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{10536039-1730-4216-A635-989F0808BEDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B9043BFD-446C-4B20-AF7A-F1C8A66D12A9}] => (Allow) LPort=1688
FirewallRules: [{5DD76DCB-062F-4389-957A-5D27C9CD5773}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0F22C75B-B9E5-4825-BAB4-2631F8BA00AA}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

==================== Restore Points =========================

06-01-2016 04:23:40 Scheduled Checkpoint
06-01-2016 05:51:30 Windows Update
13-01-2016 17:53:53 Removed Microsoft Office Professional Plus 2013
13-01-2016 17:54:51 PROPLUSR

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2016 04:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13716607

Error: (01/13/2016 04:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13716607

Error: (01/13/2016 04:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2016 01:07:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093

Error: (01/13/2016 01:07:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1093

Error: (01/13/2016 01:07:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2016 10:32:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

Error: (01/13/2016 10:32:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2075

Error: (01/13/2016 10:32:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2016 10:32:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077


System errors:
=============
Error: (01/13/2016 06:44:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/13/2016 06:44:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2

Error: (01/13/2016 06:44:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Protection Service service failed to start due to the following error:
%%2

Error: (01/13/2016 06:44:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/10/2016 09:17:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/10/2016 09:17:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2

Error: (01/10/2016 09:17:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Protection Service service failed to start due to the following error:
%%2

Error: (01/10/2016 09:16:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/10/2016 09:14:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/10/2016 02:41:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


CodeIntegrity:
===================================
  Date: 2016-01-04 19:42:07.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:07.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:07.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:06.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:06.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:06.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:06.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:06.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:06.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:38:44.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3558.87 MB
Available physical RAM: 997.65 MB
Total Virtual: 7115.94 MB
Available Virtual: 4023.46 MB

==================== Drives ================================

Drive c: (TI106304W0E) (Fixed) (Total:580.04 GB) (Free:269.45 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 52A8BCE0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=17)

==================== End of Addition.txt ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,022 posts
  • Gender:Male
  • Location:California
  • Local time:09:59 AM

Posted 13 January 2016 - 07:51 PM

Thank you Vanessa.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts-x32: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {76E202F3-D464-4763-A143-705F7C435601} URL = 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
S2 KMSServerService; C:\windows\KMSServerService\KMS Server Service.exe [211968 2014-12-27] (My Digital Life Forums) [File not signed]
C:\windows\KMSServerService
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1992ED17-AAB7-4C90-B0D2-49E94C500DFB} - System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => pcalua.exe -a F:\setup.exe -d F:\
Task: {33DF5B3A-F107-4667-B76E-F7CE984358D5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} - System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => pcalua.exe -a F:\WD_Windows_Tools\setup.exe -d F:\WD_Windows_Tools
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 sqarcle

Posted 13 January 2016 - 08:20 PM

Hi Gary,

Following is the fixlog, and attached is the summary file.

Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by cookie (2016-01-13 20:10:12) Run:1
Running from C:\Users\cookie\Desktop
Loaded Profiles: cookie (Available Profiles: cookie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts-x32: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {76E202F3-D464-4763-A143-705F7C435601} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
S2 KMSServerService; C:\windows\KMSServerService\KMS Server Service.exe [211968 2014-12-27] (My Digital Life Forums) [File not signed]
C:\windows\KMSServerService
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1992ED17-AAB7-4C90-B0D2-49E94C500DFB} - System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => pcalua.exe -a F:\setup.exe -d F:\
Task: {33DF5B3A-F107-4667-B76E-F7CE984358D5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} - System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => pcalua.exe -a F:\WD_Windows_Tools\setup.exe -d F:\WD_Windows_Tools
*****************

[2848] C:\Program Files\KMSpico\Service_KMS.exe => process closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57AF7CDB-9903-47BF-85E4-C26C3355AD6C}" => key removed successfully
HKCR\CLSID\{57AF7CDB-9903-47BF-85E4-C26C3355AD6C} => key not found.
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76E202F3-D464-4763-A143-705F7C435601}" => key removed successfully
HKCR\CLSID\{76E202F3-D464-4763-A143-705F7C435601} => key not found.
C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => not found.
C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => not found.
C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => not found.
C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => not found.
KMSServerService => service removed successfully
C:\windows\KMSServerService => moved successfully
Service KMSELDI => service removed successfully
C:\Program Files\KMSpico => moved successfully
NanoServiceMain => service could not remove
PSUAService => service could not remove
EagleX64 => service removed successfully
netr28ux => service removed successfully
vmci => service removed successfully
VMnetAdapter => service removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1992ED17-AAB7-4C90-B0D2-49E94C500DFB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1992ED17-AAB7-4C90-B0D2-49E94C500DFB}" => key removed successfully
C:\windows\System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D45924BD-D66B-454B-9190-1D9EA67A2C86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33DF5B3A-F107-4667-B76E-F7CE984358D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33DF5B3A-F107-4667-B76E-F7CE984358D5}" => key removed successfully
C:\windows\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB50DA6A-5BA9-45BC-8EA1-C5A232C22696}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB50DA6A-5BA9-45BC-8EA1-C5A232C22696}" => key removed successfully
C:\windows\System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854}" => key removed successfully


The system needed a reboot.

==== End of Fixlog 20:10:17 ====


#6 Oh My!

Posted 13 January 2016 - 08:58 PM

Hi Vanessa,

I would like to run the Panda Antivirus Uninstaller by downloading and running the file from here.

Let me know how that goes then check your computer/Bitdefender behavior.
Gary
 

#7 sqarcle

Posted 13 January 2016 - 09:10 PM

Hi Gary,

I downloaded and ran the uninstaller. After rebooting I tried to turn on BitDefender's real time protection and it still didn't work. I've attached a screenshot to my reply, in case you might find it helpful. (side note: BitDefender's firewall is disabled because I disabled it, since Windows Firewall is activated.)


#8 Oh My!

Posted 13 January 2016 - 09:25 PM

Before we uninstall and reinstall BitDefender I would like to review a fresh FRST scan. Please make sure to place a check mark in Addition.txt and copy/paste the reports in your reply.
Gary
 

#9 sqarcle

Posted 14 January 2016 - 07:52 AM

Hi Gary,

Here are the logs:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by cookie (administrator) on LOLLIPOP (14-01-2016 07:47:06)
Running from C:\Users\cookie\Desktop
Loaded Profiles: cookie (Available Profiles: cookie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Flux Software LLC) C:\Users\cookie\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1720488 2015-12-10] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [F.lux] => C:\Users\cookie\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Google Update] => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Dropbox Update] => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1423288 2015-12-10] (Bitdefender)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-01-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F249FCB-81DC-4926-A792-CD7E26199F26}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{DA9169B1-DA52-4E82-8425-9FBF7B10E283}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {57AF7CDB-9903-47BF-85E4-C26C3355AD6C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> DefaultScope {76E202F3-D464-4763-A143-705F7C435601} URL =
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> {1A66CBE7-5DFC-4C2D-BB8C-00E54510C07B} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-10] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-13] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-01-02] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-01-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-10] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-06] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-01-02] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-06] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-01-02] (LastPass)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-12-10] (Bitdefender)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-01-02] (LastPass)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-12-10] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-01-02] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2012-07-20] (Metaboli)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-06] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-01-02] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @talk.google.com/O1DPlugin -> C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @tools.google.com/Google Update;version=3 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: @tools.google.com/Google Update;version=9 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2696656946-2823728835-2560566368-1001: vsee.com/VSeeDetection -> C:\Users\cookie\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2013-07-29] (VSee Lab)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-12-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cookie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cookie\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Add to Amazon Wish List Button - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\amznUWL2@amazon.com.xpi [2015-05-29]
FF Extension: LastPass - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\support@lastpass.com [2016-01-04]
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\smile1Button@amazon.com.xpi [2015-05-29]
FF Extension: uBlock Origin - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\uBlock0@raymondhill.net.xpi [2016-01-11]
FF Extension: Boomerang for Gmail - C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2015-08-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-17] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://gmail.com/","hxxp://facebook.com/","hxxp://tumblr.com/","hxxps://twitter.com/","hxxp://moodle.yorku.ca/","hxxp://mymail.yorku.ca/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=926458&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Downloader Detector) - C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\cookie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (VSeeDetection) - C:\Users\cookie\AppData\Roaming\VSeeInstall\npVSeeDetection.dll (VSee Lab)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
CHR Profile: C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Add to Amazon Wish List) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-09-09]
CHR Extension: (uBlock Origin) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-09]
CHR Extension: (Google Search) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Bitdefender Wallet) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-01-09]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-02-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-09]
CHR Extension: (Ella Moss) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk [2014-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-30]
CHR Extension: (Gmail) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1604080 2015-12-09] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [50408 2015-04-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-09-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 CORK95; C:\Windows\System32\drivers\CORK95.sys [25600 2012-10-31] ( ) [File not signed]
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [48808 2015-02-03] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [22696 2015-02-03] (Corsair)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [271808 2015-10-22] (Bitdefender)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 21:00 - 2016-01-13 21:02 - 00000000 ____D C:\SMCLpav
2016-01-13 20:19 - 2016-01-13 20:19 - 00138324 _____ C:\Users\cookie\Desktop\Summary.zip
2016-01-13 20:18 - 2016-01-13 20:18 - 04289108 _____ C:\Users\cookie\Desktop\Summary.nfo
2016-01-13 20:10 - 2016-01-13 20:10 - 00010258 _____ C:\Users\cookie\Desktop\Fixlog.txt
2016-01-13 19:08 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-13 19:08 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-13 18:38 - 2016-01-13 18:38 - 00002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00002329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-01-13 18:38 - 2016-01-13 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-01-13 18:32 - 2016-01-14 06:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-13 18:32 - 2016-01-13 18:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-13 18:31 - 2016-01-13 18:31 - 03187368 _____ (Microsoft Corporation) C:\Users\cookie\Downloads\Setup.X86.en-US_O365HomePremRetail_7b5ceb26-1576-462b-a135-537a10cee918_TX_PR_.exe
2016-01-13 18:26 - 2016-01-14 07:48 - 00031273 _____ C:\Users\cookie\Desktop\FRST.txt
2016-01-13 18:26 - 2016-01-13 18:28 - 00061177 _____ C:\Users\cookie\Desktop\Addition.txt
2016-01-12 10:05 - 2016-01-12 10:05 - 00000000 ____D C:\Users\cookie\Documents\5 Minute Yoga
2016-01-11 07:45 - 2016-01-11 08:03 - 00000194 _____ C:\Users\cookie\Documents\adapt scattergories.txt
2016-01-10 09:59 - 2016-01-14 07:47 - 00000000 ____D C:\FRST
2016-01-10 09:58 - 2016-01-10 09:58 - 02370560 _____ (Farbar) C:\Users\cookie\Desktop\FRST64.exe
2016-01-09 15:06 - 2016-01-09 15:06 - 00001874 _____ C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\ELAN 4.9.2.lnk
2016-01-09 15:06 - 2016-01-09 15:06 - 00000000 ____D C:\Program Files (x86)\ELAN 4.9.2
2016-01-09 15:03 - 2016-01-09 15:05 - 80950717 _____ (Macrovision) C:\Users\cookie\Downloads\ELAN_4-9-2_win.exe
2016-01-09 12:55 - 2016-01-09 13:58 - 00001058 _____ C:\Users\cookie\Documents\github.txt
2016-01-07 09:27 - 2016-01-07 09:27 - 00000037 _____ C:\Users\cookie\Documents\adapt vocab.txt
2016-01-07 09:26 - 2016-01-07 09:26 - 00625848 _____ (Microsoft Corporation) C:\windows\system32\msvcp140.dll
2016-01-07 09:26 - 2016-01-07 09:26 - 00381128 _____ (Microsoft Corporation) C:\windows\system32\vccorlib140.dll
2016-01-07 09:26 - 2016-01-07 09:26 - 00323792 _____ (Microsoft Corporation) C:\windows\system32\concrt140.dll
2016-01-07 09:26 - 2016-01-07 09:26 - 00079544 _____ (Microsoft Corporation) C:\windows\system32\vcruntime140.dll
2016-01-07 07:34 - 2016-01-07 07:34 - 00430264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp140.dll
2016-01-07 07:34 - 2016-01-07 07:34 - 00257736 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib140.dll
2016-01-07 07:34 - 2016-01-07 07:34 - 00234192 _____ (Microsoft Corporation) C:\windows\SysWOW64\concrt140.dll
2016-01-07 07:34 - 2016-01-07 07:34 - 00075960 _____ (Microsoft Corporation) C:\windows\SysWOW64\vcruntime140.dll
2016-01-07 06:08 - 2016-01-07 06:08 - 00000385 _____ C:\Users\cookie\AppData\Roaminguser_gensett.xml
2016-01-06 09:33 - 2016-01-13 21:01 - 00007101 _____ C:\bdlog.txt
2016-01-05 09:02 - 2016-01-05 09:02 - 00413908 _____ C:\ProgramData\1452001207.bdinstall.bin
2016-01-05 09:02 - 2016-01-05 09:02 - 00000385 _____ C:\windows\system32\user_gensett.xml
2016-01-05 09:01 - 2016-01-05 09:01 - 00000684 ____H C:\bdr-cf01
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-01-05 09:00 - 2016-01-05 09:00 - 00000000 ____D C:\ProgramData\BDLogging
2016-01-05 08:59 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\windows\capicom.dll
2016-01-05 08:58 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\windows\system32\Drivers\bdvedisk.sys
2016-01-05 08:58 - 2015-10-28 13:01 - 01600512 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2016-01-05 08:58 - 2015-10-22 14:02 - 00271808 _____ (Bitdefender) C:\windows\system32\Drivers\ignis.sys
2016-01-05 08:58 - 2015-09-17 21:24 - 00282000 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2016-01-05 08:58 - 2015-09-17 21:23 - 00775424 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2016-01-05 08:57 - 2016-01-05 09:07 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Bitdefender
2016-01-05 08:57 - 2016-01-05 09:01 - 00253404 ____H C:\bdr-ld01
2016-01-05 08:57 - 2016-01-05 09:01 - 00009216 ____H C:\bdr-ld01.mbr
2016-01-05 08:57 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im01.gz
2016-01-05 08:57 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz01
2016-01-05 08:18 - 2016-01-05 09:19 - 00000000 ____D C:\ProgramData\Bitdefender
2016-01-05 08:18 - 2015-04-29 13:32 - 00160032 ____N (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2016-01-05 08:17 - 2016-01-05 08:18 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-01-05 08:17 - 2016-01-05 08:17 - 00000000 ____D C:\Users\cookie\AppData\Roaming\QuickScan
2016-01-05 08:17 - 2016-01-05 08:17 - 00000000 ____D C:\Program Files\Bitdefender
2016-01-05 08:17 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2016-01-05 08:13 - 2016-01-14 07:13 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-01-05 08:13 - 2016-01-05 08:13 - 09736896 _____ C:\Users\cookie\Downloads\bitdefender_antivirus.exe
2016-01-05 08:13 - 2016-01-05 08:13 - 00003640 _____ C:\windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-01-05 08:13 - 2016-01-05 08:13 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-01-04 20:00 - 2016-01-04 20:00 - 00162208 _____ C:\Users\cookie\Downloads\Antivirus_Free_Edition.exe
2016-01-04 19:36 - 2016-01-13 20:59 - 00757656 _____ C:\Users\cookie\Downloads\UNINSTALLER.exe
2015-12-30 12:38 - 2015-12-30 12:38 - 00000737 _____ C:\Users\cookie\Documents\back bend sequence.txt
2015-12-30 00:31 - 2015-12-30 00:31 - 00514238 _____ C:\Users\cookie\Documents\TBS Order Confirmation.pdf
2015-12-29 23:06 - 2015-12-29 23:06 - 00085064 _____ C:\Users\cookie\Documents\TBS Gift Card.pdf
2015-12-28 16:37 - 2015-12-28 16:37 - 05124251 _____ C:\Users\cookie\Documents\530180+Natural+Selection (1).pdf
2015-12-23 16:52 - 2015-12-23 16:52 - 00000116 _____ C:\Users\cookie\Documents\python.txt
2015-12-23 14:42 - 2015-12-28 13:38 - 00000161 _____ C:\Users\cookie\Documents\script.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 07:38 - 2015-06-16 14:28 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job
2016-01-14 07:32 - 2013-04-27 18:25 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job
2016-01-14 07:24 - 2012-11-12 10:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-14 07:06 - 2014-11-30 18:07 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-14 06:31 - 2013-04-27 18:25 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job
2016-01-14 06:30 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-14 06:30 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-14 06:14 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-01-13 21:04 - 2012-09-04 07:55 - 00000000 ___RD C:\Users\cookie\Dropbox
2016-01-13 21:03 - 2014-11-30 18:07 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 21:03 - 2014-01-02 19:25 - 00000000 ____D C:\Users\cookie\AppData\LocalLow\LastPass
2016-01-13 21:03 - 2012-08-08 12:23 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Dropbox
2016-01-13 21:02 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-13 20:38 - 2015-06-16 14:28 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job
2016-01-13 20:10 - 2015-03-29 16:01 - 00000000 ____D C:\Users\cookie\AppData\Local\CrashDumps
2016-01-13 20:10 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-01-13 20:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-13 20:06 - 2012-08-08 12:22 - 00000000 ____D C:\Users\cookie\AppData\Roaming\uTorrent
2016-01-13 19:43 - 2012-08-08 11:50 - 00113840 _____ C:\Users\cookie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-13 19:34 - 2009-07-14 00:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-13 19:28 - 2009-07-13 23:45 - 00513288 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-13 19:27 - 2012-08-22 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-13 18:47 - 2014-12-26 23:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-13 18:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-13 18:03 - 2012-08-08 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 18:01 - 2010-11-21 02:16 - 00000000 ____D C:\windows\ShellNew
2016-01-13 17:58 - 2009-07-13 21:34 - 00000387 _____ C:\windows\win.ini
2016-01-13 06:46 - 2012-08-22 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-09 15:21 - 2015-07-21 14:36 - 00000000 ____D C:\Program Files (x86)\ELAN_4.9.1
2016-01-09 15:20 - 2015-06-23 08:45 - 00000000 ____D C:\Program Files (x86)\ELAN_4.9.0
2016-01-09 15:08 - 2014-12-14 15:27 - 00000000 ____D C:\Program Files (x86)\ELAN 4.8.1
2016-01-09 10:56 - 2015-12-12 16:38 - 00000000 ____D C:\Program Files\ZScreen
2016-01-08 11:56 - 2015-03-31 08:11 - 00000000 ___SD C:\windows\system32\GWX
2016-01-08 11:56 - 2012-08-08 13:57 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-01-08 11:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2016-01-08 08:58 - 2012-08-08 11:46 - 00000000 ____D C:\Users\cookie
2016-01-05 08:30 - 2013-04-21 17:41 - 00000000 ____D C:\ProgramData\NexonUS
2016-01-04 19:39 - 2014-06-14 08:25 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Panda Security
2016-01-04 08:24 - 2015-05-04 12:56 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-01-02 16:58 - 2013-10-25 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2016-01-02 16:58 - 2013-10-25 16:12 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2016-01-02 14:20 - 2012-11-12 10:47 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 14:19 - 2012-11-12 10:47 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:19 - 2011-11-01 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-18 15:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-17 06:33 - 2012-08-22 05:24 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Mozilla
2015-12-17 05:58 - 2015-07-13 13:22 - 00000000 ____D C:\Users\cookie\AppData\Local\Spotify
2015-12-17 05:58 - 2015-07-13 13:21 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Spotify

==================== Files in the root of some directories =======

2014-01-02 19:26 - 2014-01-02 19:26 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-07 17:42 - 2013-07-07 17:42 - 0000037 ___SH () C:\Users\cookie\AppData\Local\70149b02515b3bb20dd492.47983420
2013-06-08 11:47 - 2014-09-15 16:27 - 0000600 _____ () C:\Users\cookie\AppData\Local\PUTTY.RND
2016-01-05 09:02 - 2016-01-05 09:02 - 0413908 _____ () C:\ProgramData\1452001207.bdinstall.bin
2012-08-15 15:16 - 2014-12-14 17:31 - 0015687 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\cookie\comcat5.dll


Some files in TEMP:
====================
C:\Users\cookie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3yzmep.dll
C:\Users\cookie\AppData\Local\Temp\ICReinstall_Adobe Garamond Pro Regular.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\cookie\AppData\Local\Temp\NGM.exe
C:\Users\cookie\AppData\Local\Temp\NGMDll.dll
C:\Users\cookie\AppData\Local\Temp\NGMResource.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-10 13:53

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by cookie (2016-01-14 07:48:50)
Running from C:\Users\cookie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-08 16:46:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2696656946-2823728835-2560566368-500 - Administrator - Disabled)
cookie (S-1-5-21-2696656946-2823728835-2560566368-1001 - Administrator - Enabled) => C:\Users\cookie
Guest (S-1-5-21-2696656946-2823728835-2560566368-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{54813D9E-06CB-128C-A78F-A93AD4588598}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 RC (x32 Version: 3.2 - Microsoft Corporation) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AzureTools.Notifications (x32 Version: 2.6.30331.1601 - Microsoft Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 10.11.0.2338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.11.0.2338 - Bullzip)
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dotfuscator and Analytics Community Edition 5.18.0 (x32 Version: 5.18.0.2789 - PreEmptive Solutions) Hidden
Download Windows Universal Tools (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Downloader (HKLM-x32\...\Downloader) (Version:  - )
Dropbox (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ELAN 4.9.2 (HKLM-x32\...\ELAN 4.9.2) (Version: 4.9.2.0 - MPI - The Language Archive)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
f.lux (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Flux) (Version:  - )
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version:  - )
Free Scan to PDF (HKLM-x32\...\{11586A4D-F255-4D52-A612-7D2DAADC1773}) (Version: 1.0.0 - freepdfsolutions.com)
Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
IIS 10.0 Express (HKLM\...\{5456A561-2429-411B-B2C8-CAE4411D446B}) (Version: 10.0.1733 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Jaikoz (64-bit) 8.2.5 (HKLM\...\Jaikoz (64-bit) 8.2.5) (Version: 8.2.5 - )
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version:  - Blit Software)
KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (ENU) (HKLM-x32\...\{E689C2B1-3711-4FF7-95C4-1F4932A2B493}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC Multi-Targeting Pack (HKLM-x32\...\{F1052F45-79C1-48D6-979F-CC5B6F864615}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Framework 4.6 RC SDK (HKLM-x32\...\{7318F8D8-AFC9-499C-9909-1CA56E7E7FB4}) (Version: 4.6.00057 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta4 (HKLM\...\{a87918f8-8462-36ae-ab64-5bac8473c726}) (Version: 1.0.10413.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.22823 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2056 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50325.0) (HKLM-x32\...\{91A6AD24-DADE-407B-B19B-65000C22B931}) (Version: 14.0.50325.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 RC (HKLM-x32\...\{d79c19c8-760e-4fc2-a85a-8a89093b59e6}) (Version: 14.0.22823 - Microsoft Corporation)
Microsoft Web Deploy 3.6 Beta3 (HKLM\...\{07F0FC77-282E-42E5-BAE6-B8C098F8453E}) (Version: 3.1238.1942 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
pomodairo (HKLM-x32\...\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1) (Version: 1.9 - UNKNOWN)
pomodairo (x32 Version: 1.9 - UNKNOWN) Hidden
Popcorn Time (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Popcorn Time) (Version:  - Popcorn Official)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4 matplotlib-1.4.2 (HKLM-x32\...\matplotlib-py3.4) (Version:  - )
Python 3.4 numpy-1.8.1 (HKLM-x32\...\numpy-py3.4) (Version:  - )
Python 3.4 pyparsing-2.0.3 (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\pyparsing-py3.4) (Version:  - )
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 0.7.4100.000 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.6.22) (Version: 1.6.22 - Atlassian)
SourceTree (x32 Version: 1.6.22 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22821 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 RC (x32 Version: 14.0.22823 - Microsoft Corporation) Hidden
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TypeScript Power Tool (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.4.3.0 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.10058 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.10056 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.10056 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSee (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\VSee) (Version: 14.0.0.220 - VSee Lab Inc)
WCF Data Services 5.6.2 Runtime (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2014 (x32 Version: 5.6.61937.2 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YNAB 4 version 4.3.820 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.820 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0458DC26-7C70-48CA-BB0A-9BDBDB6F8599} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1CA2097B-E967-4F41-BB6F-6617731D84FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {214FAE51-B12E-4A99-AA64-472EF09B2C9F} - System32\Tasks\{238DB05A-EFF0-47BD-B113-9F8FFC850B9D} => pcalua.exe -a C:\Users\cookie\Downloads\setuptools-0.6c11.win32-py2.7.exe -d C:\Users\cookie\Downloads
Task: {2A88784C-D4A3-4854-B915-0D354B8E2B40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {2BB3A57D-9FC5-4F85-9400-892029C3CA11} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {3D3396AF-E764-4FB8-8E49-96CEFAECF96C} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)
Task: {45C1E98A-8DDF-4E1C-BACD-EB33F63531E9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {4853084B-9873-4FE0-B413-0B228CE0577C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {4C0D626C-1950-4261-9077-10C41FA879DD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-13] (Microsoft Corporation)
Task: {4C9A947D-4036-4E41-8D6C-76AD56B9CA50} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-30] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {8DC1BBDC-A5AF-4C4B-93B6-E538927D88AA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {A4ECFADE-6481-437C-99BA-3CC54BA2EA99} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {AA5493A6-27FF-4CE1-8D3C-179BC9748B28} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {AFB5320E-84F5-47D5-B400-111F92AD59DA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {B679D990-8055-4934-89F4-4139356C7E06} - System32\Tasks\{82E7D476-174B-4272-B099-5D3B06A7567E} => Firefox.exe hxxp://ui.skype.com/ui/0/7.7.85.103/en/abandoninstall?page=tsBing
Task: {BC23AF66-2072-48D8-852F-1AC24CC60F36} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {C969C709-02A2-4899-8ED2-5B0C0B64FC7E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DEF536B2-EAE0-4020-B486-095B6545FD5E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {E4749B25-424E-4608-B6F4-797D1ED92605} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E924B388-6B50-480D-90C1-E153B2FA5190} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {F11FC597-5041-4BF1-90F8-813C851E50B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job => C:\Users\cookie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001Core.job => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2696656946-2823728835-2560566368-1001UA.job => C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW\MinGW Shell.lnk -> C:\MinGW\msys\1.0\msys.bat ()

ShortcutWithArgument: C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Type IPA phonetic symbols - online keyboard (all languages).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://ipa.typeit.org/full/

==================== Loaded Modules (Whitelisted) ==============

2016-01-05 08:58 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-01-05 08:58 - 2015-12-03 19:22 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-01-05 08:58 - 2015-12-03 19:22 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-11-20 14:57 - 2015-11-20 14:57 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-13 18:32 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-01-13 18:38 - 2016-01-13 18:38 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-09-16 07:12 - 2015-09-16 07:12 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2015-12-10 22:26 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-10 22:26 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-10 22:26 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-10 22:26 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-10 22:26 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-10 22:26 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-10 22:26 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-10 22:26 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-11-11 18:08 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 08:02 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\cookie\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2016-01-04 14:22 - 2016-01-04 14:22 - 01114648 _____ () C:\Users\cookie\AppData\Roaming\Mozilla\Firefox\Profiles\5eiwcocj.default-1421186635032\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cookie\Documents\PatilEtAlCogSci2014.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\Stretching Scientifically - Thomas Kurz.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\TBS Gift Card.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\cookie\Documents\TBS Order Confirmation.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-14 07:12 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cookie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Corsair K95 => C:\Program Files (x86)\Corsair\K95 Keyboard\K95Hid.exe
MSCONFIG\startupreg: Google Update => "C:\Users\cookie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\cookie\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\cookie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: VSee => "C:\Users\cookie\AppData\Roaming\VSeeInstall\vsee.exe" -quiet_start
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{FAD4662C-4823-40B1-8390-C5F9F9F08391}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{3888AA40-D141-4FD5-BC14-6B99D364442A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{361BF55A-7068-4314-BB4E-27FD022C26AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BB7AFD27-1215-4443-842C-DC35B1B32E4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AF099B6A-7595-461F-A167-FB85C3A05CE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{8E424440-13D5-45D0-B5CD-62A000D4462D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{2962F176-ECB3-45DE-BC2D-1A28BF12ED97}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{B8B5E582-B818-49DA-9D93-117C49FCFC26}] => (Allow) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C189DED-94B0-4D13-B276-9C5E9246C47E}] => (Allow) C:\Users\cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{6685C054-5334-413B-89A6-AC0597464669}C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A3295C83-FDE9-4D90-B09C-83F2756F25B2}C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cookie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B813A9F3-BEAB-4682-971A-EFDF19DA40A3}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [UDP Query User{E80903A0-CE8B-4710-A1DF-C46147D80A5D}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [TCP Query User{BAA2EA8F-640C-4D04-AA6E-F1C24F6AB3E6}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{6533D639-AD71-485E-A8B6-75EA1DF3EB1A}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{698BEADD-63AA-42B9-BE90-1B5F3DF76648}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{ABA78EF4-9557-48FF-94EB-ED3F16CB1BCB}C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\cookie\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{3EE0A7A6-BD26-41C1-87C1-F05B86B611D6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{8D66CBDA-AE0A-4006-AE07-F26AF15DBB2F}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{BDB29141-B9DB-43DF-8F56-3A398B5A0514}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6369B061-C267-4C19-B6D4-C21FEBEE60C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84800ADD-DA3D-4107-80F0-C35C8CC89B9B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{CA2B9728-B991-4643-9CA2-239DE0FE28B3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3D505A25-A48C-41D8-AD60-0AFF5FD7AAA5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{29EF8B9E-7632-4EB4-AC1D-84E178971327}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{792DBD7F-FE33-440F-90E0-DF07712D6500}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{D6966832-AA0B-41E9-82DE-D4A529CDD2C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{5329D4F3-2F02-4AA4-B65F-49E680B1203A}] => (Allow) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2B5526CD-B730-457C-84A9-91E40955A2B7}] => (Allow) C:\Users\cookie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{2A457B53-F5B0-41C9-8C7B-79A1E2B57034}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [UDP Query User{F9BED84F-14BC-4D3A-ADD8-60A9432EFC5E}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [{E7D5776A-0A71-4044-8235-2AD13D374594}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79997FC4-35B2-49F3-A02F-DEA543FA6FAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F80BEA8D-4B54-4758-871E-C987AA1F1272}C:\python34\pythonw.exe] => (Allow) C:\python34\pythonw.exe
FirewallRules: [UDP Query User{02848205-E3BC-4D5D-A22E-8CD40D83160A}C:\python34\pythonw.exe] => (Allow) C:\python34\pythonw.exe
FirewallRules: [TCP Query User{6DEE97AA-412A-465E-9A72-50A7CC57B6F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0E2CE1EB-95A8-4C57-B5B5-8505B52D7D37}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4CB4C8A6-A9D2-4879-BA2D-A62CE5EDB365}C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{1ED3C7D3-4A9D-48E1-992E-BC2F9B0D85C4}C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\cookie\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{25657DF7-0673-42AA-B2B7-D3EE6795DB8C}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{5A939AD3-40C9-465E-93CE-7F2A970EB55A}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{29B47F14-403D-476C-81C8-63FBBE4E1E8D}] => (Allow) C:\Users\cookie\AppData\Local\Temp\nsq290E.tmp\CnetInstaller-10067444.exe
FirewallRules: [{C32EEF61-6C1F-44B5-937C-1CB90B61AA2F}] => (Allow) C:\Users\cookie\AppData\Local\Temp\nsq290E.tmp\CnetInstaller-10067444.exe
FirewallRules: [{011900C2-2C8F-4233-AF64-F5CBFA15932D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{DB447168-F411-48A3-B01C-9C43C4514074}C:\users\cookie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9AE044CE-D719-44AD-B74C-03A31189AADF}C:\users\cookie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E4FBFB0-647B-4830-9032-E94BA61FC6F7}] => (Block) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A4F68DA2-9089-4351-9DE8-D0E68E810461}] => (Block) C:\users\cookie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3792A563-FA48-479F-83B1-1E806946456A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B27A4DE-055E-4E36-9054-52DA7683A45C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04206D19-C56A-42CF-9DB4-C5D93E7425ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2453ACCB-876D-4D23-B09E-AC0EB94B1CFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B522D5D5-5C8C-470B-A2F7-C202F44A301C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C17C43FE-20FF-4A4B-976A-4CEEC3B38B61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C44DEDF-3A95-4B51-AA5D-A9B31B9C41F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDFD1B7A-80E8-4012-80FF-0FDDF5FE882C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{10536039-1730-4216-A635-989F0808BEDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B9043BFD-446C-4B20-AF7A-F1C8A66D12A9}] => (Allow) LPort=1688
FirewallRules: [{5DD76DCB-062F-4389-957A-5D27C9CD5773}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0F22C75B-B9E5-4825-BAB4-2631F8BA00AA}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{13F7B163-5A8D-442A-A6C0-E95C1E6E859D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

06-01-2016 04:23:40 Scheduled Checkpoint
06-01-2016 05:51:30 Windows Update
13-01-2016 17:53:53 Removed Microsoft Office Professional Plus 2013
13-01-2016 17:54:51 PROPLUSR
13-01-2016 19:08:13 Windows Update

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2016 06:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30454656

Error: (01/14/2016 06:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30454656

Error: (01/14/2016 06:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2016 06:12:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30453626

Error: (01/14/2016 06:12:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30453626

Error: (01/14/2016 06:12:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2016 06:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30452628

Error: (01/14/2016 06:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30452628

Error: (01/14/2016 06:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/14/2016 06:12:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30451629


System errors:
=============
Error: (01/13/2016 09:02:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2

Error: (01/13/2016 09:02:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Protection Service service failed to start due to the following error:
%%2

Error: (01/13/2016 09:02:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/13/2016 08:17:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.

Error: (01/13/2016 08:12:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2

Error: (01/13/2016 08:12:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Protection Service service failed to start due to the following error:
%%2

Error: (01/13/2016 08:12:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/13/2016 08:10:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/13/2016 07:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/13/2016 07:28:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Panda Product Service service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
  Date: 2016-01-13 21:00:57.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:57.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:57.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:57.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:57.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:57.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:57.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:56.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-13 21:00:56.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-04 19:42:07.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 76%
Total physical RAM: 3558.87 MB
Available physical RAM: 850.66 MB
Total Virtual: 7115.94 MB
Available Virtual: 3950.1 MB

==================== Drives ================================

Drive c: (TI106304W0E) (Fixed) (Total:580.04 GB) (Free:266.27 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 52A8BCE0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=17)

==================== End of Addition.txt ============================



#10 Oh My!


  • Malware Response Instructor

Posted 14 January 2016 - 09:52 AM

Hi Vanessa,

As I suspected, Panda is still on your computer. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> DefaultScope {76E202F3-D464-4763-A143-705F7C435601} URL =
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
S2 KMSServerService; C:\windows\KMSServerService\KMS Server Service.exe [211968 2014-12-27] (My Digital Life Forums) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
2016-01-08 11:56 - 2014-12-27 08:24 - 00000000 ____D C:\Program Files\KMSpico
2016-01-04 19:39 - 2014-06-14 08:25 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Panda Security
C:\Users\cookie\comcat5.dll
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1992ED17-AAB7-4C90-B0D2-49E94C500DFB} - System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => pcalua.exe -a F:\setup.exe -d F:\
Task: {33DF5B3A-F107-4667-B76E-F7CE984358D5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} - System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => pcalua.exe -a F:\WD_Windows_Tools\setup.exe -d F:\WD_Windows_Tools
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
FirewallRules: [{C6D7E7EB-FF80-46CA-9F87-ED7172E7868F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{13E636D3-C917-4F03-9D12-AF31494CEDE5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files (x86)\Panda Security
C:\windows\KMSServerService
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 sqarcle


Posted 14 January 2016 - 10:04 AM

Hi Gary,

 

Here's the fixlog :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by cookie (2016-01-14 09:54:56) Run:2
Running from C:\Users\cookie\Desktop
Loaded Profiles: cookie (Available Profiles: cookie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
SearchScopes: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001 -> DefaultScope {76E202F3-D464-4763-A143-705F7C435601} URL =
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Chrome Remote Desktop) - C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Google Update) - C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => No File
S2 KMSServerService; C:\windows\KMSServerService\KMS Server Service.exe [211968 2014-12-27] (My Digital Life Forums) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
2016-01-08 11:56 - 2014-12-27 08:24 - 00000000 ____D C:\Program Files\KMSpico
2016-01-04 19:39 - 2014-06-14 08:25 - 00000000 ____D C:\Users\cookie\AppData\Roaming\Panda Security
C:\Users\cookie\comcat5.dll
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\cookie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1992ED17-AAB7-4C90-B0D2-49E94C500DFB} - System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => pcalua.exe -a F:\setup.exe -d F:\
Task: {33DF5B3A-F107-4667-B76E-F7CE984358D5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} - System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => pcalua.exe -a F:\WD_Windows_Tools\setup.exe -d F:\WD_Windows_Tools
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
FirewallRules: [{C6D7E7EB-FF80-46CA-9F87-ED7172E7868F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{13E636D3-C917-4F03-9D12-AF31494CEDE5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files (x86)\Panda Security
C:\windows\KMSServerService
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PSUAMain => value removed successfully
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
C:\Users\cookie\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Users\cookie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.38_0\remoting_host_plugin.dll => not found.
C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => not found.
C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => not found.
C:\Users\cookie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll => not found.
KMSServerService => service not found.
PandaAgent => Service stopped successfully.
PandaAgent => service removed successfully
Service KMSELDI => service not found.
NanoServiceMain => service could not remove
PSUAService => service could not remove
NNSALPC => Service stopped successfully.
NNSALPC => service could not remove
NNSHTTP => Service stopped successfully.
NNSHTTP => service could not remove
NNSHTTPS => Service stopped successfully.
NNSHTTPS => service could not remove
NNSIDS => Service stopped successfully.
NNSIDS => service could not remove
NNSNAHSL => Service stopped successfully.
NNSNAHSL => service removed successfully
NNSPICC => Service stopped successfully.
NNSPICC => service could not remove
NNSPIHSW => Service stopped successfully.
NNSPIHSW => service removed successfully
NNSPOP3 => Service stopped successfully.
NNSPOP3 => service could not remove
NNSPROT => Service stopped successfully.
NNSPROT => service could not remove
NNSPRV => Service stopped successfully.
NNSPRV => service could not remove
NNSSMTP => Service stopped successfully.
NNSSMTP => service could not remove
NNSSTRM => Service stopped successfully.
NNSSTRM => service could not remove
NNSTLSC => Service stopped successfully.
NNSTLSC => service could not remove
PSINAflt => Service stopped successfully.
PSINAflt => service could not remove
PSINFile => Service stopped successfully.
PSINFile => service could not remove
PSINKNC => Unable to stop service.
PSINKNC => service could not remove
PSINProc => Service stopped successfully.
PSINProc => service could not remove
PSINProt => Service stopped successfully.
PSINProt => service removed successfully
PSINReg => Service stopped successfully.
PSINReg => service removed successfully
PSKMAD => service removed successfully
EagleX64 => service not found.
netr28ux => service not found.
vmci => service not found.
VMnetAdapter => service not found.
"C:\Program Files\KMSpico" => not found.
C:\Users\cookie\AppData\Roaming\Panda Security => moved successfully
C:\Users\cookie\comcat5.dll => moved successfully
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found.
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found.
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found.
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found.
HKU\S-1-5-21-2696656946-2823728835-2560566368-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1992ED17-AAB7-4C90-B0D2-49E94C500DFB} => key not found.
C:\windows\System32\Tasks\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D45924BD-D66B-454B-9190-1D9EA67A2C86} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33DF5B3A-F107-4667-B76E-F7CE984358D5} => key not found.
C:\windows\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB50DA6A-5BA9-45BC-8EA1-C5A232C22696} => key not found.
C:\windows\System32\Tasks\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC7403F6-F2E0-4EAE-88B1-CA4CE0712854} => key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PSUAService" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6D7E7EB-FF80-46CA-9F87-ED7172E7868F} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13E636D3-C917-4F03-9D12-AF31494CEDE5} => value not found.
C:\Program Files (x86)\Panda Security => moved successfully
"C:\windows\KMSServerService" => not found.


The system needed a reboot.

==== End of Fixlog 09:56:22 ====



#12 Oh My!


Posted 14 January 2016 - 10:28 AM

Greetings Vanessa,

Panda doesn't want to play nice so we are going to have to go after it a different way. The steps are a little more cumbersome but they are necessary.

Please do this. (In about 10-15 minutes I will need to be away from my computer for a few hours)

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSAlpc.sys
C:\Windows\System32\DRIVERS\NNSHttp.sys
C:\Windows\System32\DRIVERS\NNSHttps.sys
C:\Windows\System32\DRIVERS\NNSIds.sys
C:\Windows\System32\DRIVERS\NNSNAHSL.sys
C:\Windows\System32\DRIVERS\NNSPicc.sys
C:\Windows\System32\DRIVERS\NNSPihsw.sys
C:\Windows\System32\DRIVERS\NNSPop3.sys
C:\Windows\System32\DRIVERS\NNSProt.sys
C:\Windows\System32\DRIVERS\NNSPrv.sys
C:\Windows\System32\DRIVERS\NNSSmtp.sys
C:\Windows\System32\DRIVERS\NNSStrm.sys
C:\Windows\System32\DRIVERS\NNSTlsc.sys
C:\Windows\System32\DRIVERS\PSINAflt.sys
C:\Windows\System32\DRIVERS\PSINFile.sys
C:\Windows\System32\DRIVERS\psinknc.sys
C:\Windows\System32\DRIVERS\PSINProc.sys
C:\Windows\System32\DRIVERS\PSINProt.sys
C:\Windows\System32\DRIVERS\PSINReg.sys
C:\Windows\System32\DRIVERS\PSKMAD.sys
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2-step process below. Step #1 is to boot into the System Recovery Options and Step #2 is running Farbar's Recovery Scan Tool
----------

Step #1 - Entering System Recovery Options

Option #1 (Windows 7/Vista)

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #2 (Windows 7/Vista)

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Step #2 - Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#13 sqarcle


Posted 14 January 2016 - 10:41 AM

Hi Gary,

 

I also need to be away from my computer for a couple hours, but I will do this asap!



#14 Oh My!


Posted 14 January 2016 - 10:46 AM

Perfect, see you a bit later.
Gary
 

#15 sqarcle


Posted 14 January 2016 - 01:43 PM

Hi Gary,

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by SYSTEM (2016-01-14 13:37:45) Run:3
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
C:\Windows\System32\DRIVERS\NNSAlpc.sys
C:\Windows\System32\DRIVERS\NNSHttp.sys
C:\Windows\System32\DRIVERS\NNSHttps.sys
C:\Windows\System32\DRIVERS\NNSIds.sys
C:\Windows\System32\DRIVERS\NNSNAHSL.sys
C:\Windows\System32\DRIVERS\NNSPicc.sys
C:\Windows\System32\DRIVERS\NNSPihsw.sys
C:\Windows\System32\DRIVERS\NNSPop3.sys
C:\Windows\System32\DRIVERS\NNSProt.sys
C:\Windows\System32\DRIVERS\NNSPrv.sys
C:\Windows\System32\DRIVERS\NNSSmtp.sys
C:\Windows\System32\DRIVERS\NNSStrm.sys
C:\Windows\System32\DRIVERS\NNSTlsc.sys
C:\Windows\System32\DRIVERS\PSINAflt.sys
C:\Windows\System32\DRIVERS\PSINFile.sys
C:\Windows\System32\DRIVERS\psinknc.sys
C:\Windows\System32\DRIVERS\PSINProc.sys
C:\Windows\System32\DRIVERS\PSINProt.sys
C:\Windows\System32\DRIVERS\PSINReg.sys
C:\Windows\System32\DRIVERS\PSKMAD.sys
*****************

NanoServiceMain => service removed successfully
PSUAService => service removed successfully
NNSALPC => service removed successfully
NNSHTTP => service removed successfully
NNSHTTPS => service removed successfully
NNSIDS => service removed successfully
NNSNAHSL => service not found.
NNSPICC => service removed successfully
NNSPIHSW => service not found.
NNSPOP3 => service removed successfully
NNSPROT => service removed successfully
NNSPRV => service removed successfully
NNSSMTP => service removed successfully
NNSSTRM => service removed successfully
NNSTLSC => service removed successfully
PSINAflt => service removed successfully
PSINFile => service removed successfully
PSINKNC => service removed successfully
PSINProc => service removed successfully
PSINProt => service not found.
PSINReg => service not found.
PSKMAD => service not found.
C:\Windows\System32\DRIVERS\NNSAlpc.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSHttp.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSHttps.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSIds.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSNAHSL.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSPicc.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSPihsw.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSPop3.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSProt.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSPrv.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSSmtp.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSStrm.sys => moved successfully
C:\Windows\System32\DRIVERS\NNSTlsc.sys => moved successfully
C:\Windows\System32\DRIVERS\PSINAflt.sys => moved successfully
C:\Windows\System32\DRIVERS\PSINFile.sys => moved successfully
C:\Windows\System32\DRIVERS\psinknc.sys => moved successfully
C:\Windows\System32\DRIVERS\PSINProc.sys => moved successfully
C:\Windows\System32\DRIVERS\PSINProt.sys => moved successfully
C:\Windows\System32\DRIVERS\PSINReg.sys => moved successfully
C:\Windows\System32\DRIVERS\PSKMAD.sys => moved successfully

==== End of Fixlog 13:37:47 ====
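
The two Fixlogs in this thread show why the second pass was run from System Recovery: several Panda services reported "service could not remove" in Normal mode and were removed in Recovery mode. The Python below is an added example, not part of the original posts and not FRST's own code; it parses Fixlog-style text, skips the echoed fixlist, and reports which targets the first run left unresolved and how the second run ended for them. The sample logs are abbreviated from the ones posted above, and all function names are hypothetical.

```python
import re

# Outcome patterns, checked in order. "removed successfully" is tested before
# "moved successfully" because the former contains the latter as a substring.
OUTCOMES = [
    ("failed",      re.compile(r"could not remove$")),
    ("stop_failed", re.compile(r"^Unable to stop service\.$")),
    ("stopped",     re.compile(r"^Service stopped successfully\.$")),
    ("removed",     re.compile(r"removed successfully$")),
    ("moved",       re.compile(r"moved successfully$")),
    ("absent",      re.compile(r"not found\.?$")),
]

# Sample input: lines abbreviated from the Normal-mode Fixlog in this thread.
NORMAL_MODE_LOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Boot Mode: Normal
fixlist content:
*****************
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
*****************
Restore point was successfully created.
PandaAgent => Service stopped successfully.
PandaAgent => service removed successfully
NanoServiceMain => service could not remove
NNSALPC => Service stopped successfully.
NNSALPC => service could not remove
NNSNAHSL => Service stopped successfully.
NNSNAHSL => service removed successfully
PSINKNC => Unable to stop service.
PSINKNC => service could not remove
EagleX64 => service not found.
"C:\Program Files\KMSpico" => not found.
C:\Users\cookie\comcat5.dll => moved successfully
'''

# Sample input: lines abbreviated from the Recovery-mode Fixlog in this thread.
RECOVERY_MODE_LOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Boot Mode: Recovery
fixlist content:
*****************
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
*****************
NanoServiceMain => service removed successfully
NNSALPC => service removed successfully
NNSNAHSL => service not found.
PSINKNC => service removed successfully
C:\Windows\System32\DRIVERS\NNSAlpc.sys => moved successfully
'''


def classify(message):
    """Map the text after '=>' to a coarse outcome label."""
    for label, pattern in OUTCOMES:
        if pattern.search(message):
            return label
    return "other"


def parse_fixlog(text):
    """Return (boot_mode, {target: [outcome labels in log order]})."""
    boot_mode = None
    results = {}
    in_echo = False  # True while inside the echoed fixlist between the '*' rows
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Boot Mode:"):
            boot_mode = line.split(":", 1)[1].strip()
            continue
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        # Echoed fixlist lines can contain ' => ' themselves, so skip them.
        if in_echo or " => " not in line:
            continue
        target, message = line.rsplit(" => ", 1)
        results.setdefault(target.strip('"'), []).append(classify(message))
    return boot_mode, results


def unresolved(results):
    """Targets whose last recorded outcome is a failed removal."""
    return [t for t, seq in results.items() if seq[-1] == "failed"]


def compare_runs(first_log, second_log):
    """Final outcome in the second run for each target the first run left behind."""
    _, first = parse_fixlog(first_log)
    _, second = parse_fixlog(second_log)
    return {t: second.get(t, ["missing from log"])[-1] for t in unresolved(first)}


if __name__ == "__main__":
    mode, parsed = parse_fixlog(NORMAL_MODE_LOG)
    print(f"Boot mode {mode}: unresolved = {unresolved(parsed)}")
    for target, outcome in compare_runs(NORMAL_MODE_LOG, RECOVERY_MODE_LOG).items():
        print(f"{target}: {outcome} on second run")
```
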





