Redirected to new site on some mediafire links


  • This topic is locked
26 replies to this topic

#1 troubledsoul

Posted 13 June 2016 - 12:30 PM

1. I and a bunch of friends regularly use www.mediafire.com to exchange large pdfs. Normally, when I click on the download button on the page, the file starts downloading. However, for the last 2-3 days, I am experiencing trouble while downloading from some (but not all) mediafire links. Have not experienced the same problem on Google Drive or OneDrive.
 
2. In the modified behaviour, when I click on the download link, a new tab opens up (about:blank), the Save as dialogue comes (which is normal) and the original download page is redirected to some other website.
 
3. The redirect website varies from time to time (even with the same link). Sometimes it is legit looking sites like godaddy or alibaba, and sometimes it is shady websites like bet365, fashionmia, ace2three or adsupplyads. Some of the sites have serious WOT warnings.
 
4. Some of my friends are facing this trouble with the same links, some are not. For some, the trouble was resolved by installing adblocker and adblockerplus. That has not worked for me (I already had those two software on my browser). The problem is not browser specific. 
 
5. I have already tried a bunch of things including CCleaner->RKill->Zemana->MBAM->JRT. None of this worked.
 
6. Finally, I uninstalled and re-installed Chrome. That seemed to have solved the problem and I was able to download from those mediafire links without any problem. However, within 15-20 minutes, the problem came back. This led me to the conclusion that this is perhaps a malware infection on my laptop. Hence this post.
 
7. Two of the mediafire links where I am facing the problem are:
 
**Links removed**
 
8. I am pasting the FRST log below.
 
9. Any help would be greatly appreciated.
 
Thanks
TroubledSoul
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2016 01
Ran by SD (administrator) on MINDBLOWER (13-06-2016 22:23:27)
Running from C:\Users\SD\Desktop
Loaded Profiles: SD (Available Profiles: SD)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() D:\Programs on D\Everything\Everything.exe
(Google Inc) C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
() D:\Programs on D\AtempoLiveNavigator\bin\HNagent.exe
(Google Inc.) C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) D:\Programs on D\NitroPDF\NitroPDFReaderDriverService3.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Old McDonald's Farm) D:\Programs on D\Autorun Eater\oldmcdonald.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() D:\Programs on D\Everything\Everything.exe
(Oracle Corporation) D:\Programs on D\AtempoLiveNavigator\jre\bin\javaw.exe
() C:\Windows\StartupMonitor.exe
(Old McDonald's Farm) D:\Programs on D\Autorun Eater\billy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() D:\Programs on D\Rainlendar2\Rainlendar2.exe
(Ruiware) D:\Programs on D\WinPatrol\WinPatrol.exe
() D:\Programs on D\Launchy\Launchy.exe
(Zhorn Software) D:\Programs on D\Stickies\stickies.exe
(Dropbox, Inc.) C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Google Inc.) C:\Users\SD\Desktop\ChromeSetup.exe
(Google Inc.) C:\Users\SD\AppData\Local\Temp\GUM387D.tmp\GoogleUpdate.exe
(Google Inc.) C:\Users\SD\AppData\Local\Temp\GUM387D.tmp\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUM67A7.tmp\GoogleUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) D:\Programs on D\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Autorun Eater] => D:\Programs on D\Autorun Eater\oldmcdonald.exe [522720 2012-02-17] (Old McDonald's Farm)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Everything] => D:\Programs on D\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [HNTray] => D:\Programs on D\AtempoLiveNavigator\japps\HNTray.jar [81155 2014-10-01] ()
HKLM\...\Run: [Run StartupMonitor] => C:\Windows\StartupMonitor.exe [86016 2000-05-20] ()
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6180368 2016-04-26] (Box, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2601816 2015-11-05] ()
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2756672 2016-03-09] (Dominik Reichl)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Run: [Rainlendar2] => D:\Programs on D\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Run: [Google Update] => C:\Users\SD\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Run: [Dropbox Update] => C:\Users\SD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Run: [WinPatrol] => D:\Programs on D\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\MountPoints2: {03099ae5-5717-11e3-bf9d-001a4b7a6ef6} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\MountPoints2: {04bc6363-f0ac-11e5-8ac0-001a4b7a6ef6} - H:\AutoRun.exe
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\MountPoints2: {30829f2a-4b36-11e5-8a87-001a4b7a6ef6} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\MountPoints2: {c6d6df48-bc9e-11e3-bfdc-001a4b7a6ef6} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\MountPoints2: {fbb5b0ea-35a0-11e5-97f0-e10cee659626} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__HNOverlayProtStatus1] -> {450ACD9A-FF33-411A-AD17-94F72F47BA3A} => D:\Programs on D\AtempoLiveNavigator\bin\hnoverlay.dll [2014-10-01] (Atempo)
ShellIconOverlayIdentifiers: [__HNOverlayProtStatus2] -> {450ACD9A-FF33-411A-AD17-94F72F47BA3B} => D:\Programs on D\AtempoLiveNavigator\bin\hnoverlay.dll [2014-10-01] (Atempo)
ShellIconOverlayIdentifiers: [__HNOverlayProtStatus3] -> {450ACD9A-FF33-411A-AD17-94F72F47BA3C} => D:\Programs on D\AtempoLiveNavigator\bin\hnoverlay.dll [2014-10-01] (Atempo)
ShellIconOverlayIdentifiers: [__HNOverlayProtStatus4] -> {450ACD9A-FF33-411A-AD17-94F72F47BA3D} => D:\Programs on D\AtempoLiveNavigator\bin\hnoverlay.dll [2014-10-01] (Atempo)
ShellIconOverlayIdentifiers: [__HNOverlayProtStatus5] -> {450ACD9A-FF33-411A-AD17-94F72F47BA3E} => D:\Programs on D\AtempoLiveNavigator\bin\hnoverlay.dll [2014-10-01] (Atempo)
ShellIconOverlayIdentifiers: [__HNOverlayProtStatus6] -> {450ACD9A-FF33-411A-AD17-94F72F47BA3F} => D:\Programs on D\AtempoLiveNavigator\bin\hnoverlay.dll [2014-10-01] (Atempo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2015-09-27]
ShortcutTarget: Launchy.lnk -> D:\Programs on D\Launchy\Launchy.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-09-27]
ShortcutTarget: Stickies.lnk -> D:\Programs on D\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\SD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.130
Tcpip\..\Interfaces\{2AE9FE49-4B41-43E2-9FE8-B4704FE984FE}: [DhcpNameServer] 192.168.1.130
Tcpip\..\Interfaces\{7E28CD10-44DD-466C-8AC3-E7D7BDED979C}: [DhcpNameServer] 192.168.1.130 218.248.241.3 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Tensons.Application.DownloadAcceleratorManager.BHO -> {00000003-1118-11da-8cd6-0800200c9888} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-04] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-04] (AO Kaspersky Lab)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552
FF Homepage: C:\\Users\\SD\\Desktop\\My home page.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_168.dll [2016-05-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @alternatiff.com/AlternaTIFF -> C:\Program Files\MIE\AlternaTIFF\npzzatif.dll [2015-05-22] (Medical Informatics Engineering, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> D:\Programs on D\Winamp Detect\npwachk.dll [2013-11-20] (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> D:\Programs on D\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1435187640-4071721805-2113652602-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\SD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1435187640-4071721805-2113652602-1000: @talk.google.com/O1DPlugin -> C:\Users\SD\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1435187640-4071721805-2113652602-1000: @tools.google.com/Google Update;version=3 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1435187640-4071721805-2113652602-1000: @tools.google.com/Google Update;version=9 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SD\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SD\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: WOT - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-17]
FF Extension: FlashGot - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-04-06]
FF Extension: DownThemAll! - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-18]
FF Extension: NoScript - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-18]
FF Extension: Zotero - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\extensions\zotero@chnm.gmu.edu.xpi [2016-05-27]
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-05-23]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-06-11]
FF Extension: Video DownloadHelper - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-27]
FF Extension: Adblock Plus - C:\Users\SD\AppData\Roaming\Mozilla\Firefox\Profiles\s7j5cgli.default-1391063854552\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-04]
FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - D:\Programs on D\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - D:\Programs on D\WordWeb\WCaptureMoz [2013-11-26] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.in/
CHR Profile: C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (Google Docs) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Google Drive) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-13]
CHR Extension: (YouTube) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-13]
CHR Extension: (Replace New Tab Page) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2016-06-13]
CHR Extension: (Zotero Connector) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2016-06-13]
CHR Extension: (Google Sheets) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (AdBlock) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-13]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-06-13]
CHR Extension: (Speed Dial 2) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-13]
CHR Extension: (Google Scholar Button) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2016-06-13]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-06-13]
CHR Extension: (Save to Pocket) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-13]
CHR Extension: (Gmail) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Profile: C:\Users\SD\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15]
CHR Extension: (No Name) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-13]
CHR Extension: (No Name) - C:\Users\SD\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-08]
 
Opera: 
=======
OPR Extension: (Gantt) - C:\Users\SD\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2014-02-01]
StartMenuInternet: (HKLM) OperaStable - D:\Programs on D\Opera\Launcher.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-04] (Kaspersky Lab ZAO)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-02-26] (Box, Inc.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 Everything; D:\Programs on D\Everything\Everything.exe [1048576 2014-08-06] () [File not signed]
R2 GoogleInputService; C:\Program Files\Google\Google Input Tools\GoogleInputService.exe [164888 2016-01-26] (Google Inc)
R2 HNagent; D:\Programs on D\AtempoLiveNavigator\bin\HNagent.exe [6847824 2014-10-01] ()
S2 MBAMService; D:\Programs on D\Malwarebytes' Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; D:\Programs on D\VisualStudio9\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45056 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; D:\Programs on D\NitroPDF\NitroPDFReaderDriverService3.exe [196624 2013-07-26] (Nitro PDF Software)
R2 NVWMI; C:\Windows\system32\nvwmi.exe [2216136 2015-11-05] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-11-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2016-04-08] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2015-12-04] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-05-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2016-05-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-05-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2015-12-04] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 22:20 - 2016-06-13 22:23 - 00026996 _____ C:\Users\SD\Desktop\FRST.txt
2016-06-13 22:20 - 2016-06-13 22:20 - 01735680 _____ (Farbar) C:\Users\SD\Desktop\FRST.exe
2016-06-13 21:01 - 2016-06-13 21:01 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 20:57 - 2016-06-13 20:57 - 06871040 _____ C:\Program Files\GUT67A8.tmp
2016-06-13 20:57 - 2016-06-13 20:57 - 00000000 ____D C:\Program Files\GUM67A7.tmp
2016-06-13 20:51 - 2016-06-13 20:51 - 00987728 _____ (Google Inc.) C:\Users\SD\Desktop\ChromeSetup.exe
2016-06-13 09:28 - 2016-06-13 16:45 - 00008992 _____ C:\Users\SD\Desktop\PhD Interviews_EcoEvo_2016.xlsx
2016-06-12 18:10 - 2016-06-12 18:15 - 00004126 _____ C:\Users\SD\Desktop\নারায়ন সান্যাল.txt
2016-06-12 16:31 - 2016-06-12 17:14 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-06-12 14:43 - 2016-06-12 18:46 - 00055234 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-06-12 14:43 - 2016-06-12 17:19 - 00000000 ____D C:\Users\SD\AppData\Local\Zemana
2016-06-12 14:43 - 2016-06-12 17:18 - 00054017 _____ C:\Windows\ZAM.krnl.trace
2016-06-12 12:11 - 2016-06-12 12:11 - 00012800 ___SH C:\Users\SD\Thumbs.db
2016-06-12 12:01 - 2016-06-12 12:01 - 00030100 _____ C:\Users\SD\Documents\cc_20160612_120113.reg
2016-06-12 00:09 - 2016-06-12 00:10 - 00224636 _____ C:\TDSSKiller.3.1.0.9_12.06.2016_00.09.03_log.txt
2016-06-11 12:38 - 2016-06-11 23:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-11 12:04 - 2016-06-11 12:04 - 00567453 _____ C:\Users\SD\Desktop\Debunking_Handbook.pdf
2016-06-10 17:21 - 2016-06-10 17:43 - 00390008 _____ C:\Users\SD\Desktop\Vatakili 6.0.4.pdf
2016-06-10 15:28 - 2016-06-10 15:28 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2016-06-10 15:25 - 2016-06-10 15:25 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-06-10 15:23 - 2014-02-19 01:06 - 00420128 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn165.dll
2016-06-10 15:07 - 2016-06-10 15:18 - 00000000 ____D C:\HP_LaserJet_Pro_M201-M202
2016-06-10 11:21 - 2016-06-10 20:30 - 00000000 ____D C:\Users\SD\AppData\Local\NPE
2016-06-10 11:21 - 2016-06-10 11:21 - 00000000 ____D C:\ProgramData\Norton
2016-06-04 10:11 - 2016-06-04 10:12 - 00000000 ____D C:\Users\SD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-30 17:54 - 2016-04-14 21:08 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-05-30 17:54 - 2016-04-14 21:03 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-05-30 17:54 - 2016-04-14 21:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-30 17:54 - 2016-04-14 21:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-05-30 17:54 - 2016-04-14 21:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-05-30 17:54 - 2016-04-14 21:03 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-05-30 17:54 - 2016-04-14 20:41 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-05-30 17:54 - 2016-04-09 12:24 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-30 17:54 - 2016-04-09 12:24 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-30 17:54 - 2016-04-09 11:14 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-30 17:53 - 2016-04-12 06:37 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-30 17:53 - 2016-04-12 06:37 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-30 17:53 - 2016-04-12 06:32 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-30 17:53 - 2016-04-12 06:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-30 17:53 - 2016-04-12 06:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-30 17:53 - 2016-04-12 06:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-30 17:53 - 2016-04-12 06:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-30 17:53 - 2016-04-12 06:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-30 17:53 - 2016-04-12 06:07 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-30 17:53 - 2016-04-12 06:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-30 17:53 - 2016-04-12 06:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-30 17:53 - 2016-04-12 06:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-30 17:53 - 2016-04-12 06:06 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-30 17:53 - 2016-03-10 00:10 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-30 17:53 - 2016-03-10 00:10 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-30 17:53 - 2015-12-17 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-05-30 17:53 - 2015-12-17 00:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-05-30 17:53 - 2015-12-17 00:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-05-30 17:53 - 2015-12-17 00:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-05-27 12:57 - 2016-05-27 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-05-26 19:06 - 2016-05-26 19:06 - 00000000 ____D C:\Users\SD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLogo 5.3.1
2016-05-19 15:14 - 2016-05-19 15:14 - 02395395 _____ C:\Users\SD\PopulusHelp.pdf
2016-05-19 10:22 - 2016-05-19 10:22 - 00000000 ____D C:\Windows\system32\FlashPlayerCPLApp.cp
2016-05-19 10:22 - 2016-05-19 10:22 - 00000000 ____D C:\Windows\system32\FlashPlayerApp.ex
2016-05-19 10:08 - 2016-06-04 09:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-19 09:49 - 2016-05-19 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2016-05-14 17:16 - 2016-05-14 17:16 - 00972468 _____ C:\Users\SD\Desktop\Lopatkin+_NatMicroBiol_2016_Antibiotics as a selective driver for conjugation dynamics.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-13 22:23 - 2016-04-14 15:50 - 00000000 ____D C:\FRST
2016-06-13 22:22 - 2013-11-27 21:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-13 22:07 - 2015-06-16 14:56 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000UA.job
2016-06-13 21:58 - 2013-11-26 18:30 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-13 21:57 - 2014-10-29 20:43 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000UA.job
2016-06-13 21:56 - 2013-11-26 17:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 21:02 - 2013-11-26 18:19 - 00000000 ____D C:\Users\SD\Desktop\All Shortcuts
2016-06-13 21:02 - 2009-07-14 10:04 - 00032224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-13 21:02 - 2009-07-14 10:04 - 00032224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-13 21:01 - 2013-11-26 17:41 - 00000000 ____D C:\Program Files\Google
2016-06-13 20:57 - 2015-09-23 16:17 - 00000540 _____ C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job
2016-06-13 20:54 - 2013-11-27 11:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M_Browsers
2016-06-13 20:51 - 2015-08-29 15:32 - 00000000 ____D C:\Users\SD\AppData\Local\Box Sync
2016-06-13 20:48 - 2014-08-03 21:11 - 00000000 ____D C:\Users\SD\AppData\Roaming\stickies
2016-06-13 20:48 - 2013-11-26 18:33 - 00000000 ____D C:\Users\SD\.rainlendar2
2016-06-13 20:47 - 2013-11-26 17:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-13 20:47 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-13 19:28 - 2015-04-17 00:39 - 00001188 _____ C:\Users\SD\Desktop\QuickBASIC under DOSBox.lnk
2016-06-13 18:58 - 2013-11-27 16:20 - 00000440 _____ C:\Users\SD\Desktop\Wireless Network Connection - Shortcut.lnk
2016-06-13 15:57 - 2014-10-29 20:43 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000Core.job
2016-06-13 10:07 - 2015-06-16 14:56 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000Core.job
2016-06-13 09:30 - 2010-11-21 02:31 - 00847598 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-13 09:30 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2016-06-12 17:33 - 2013-11-27 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M_Utilities
2016-06-12 16:00 - 2015-03-11 10:07 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 15:40 - 2014-07-24 21:42 - 00000000 ____D C:\AdwCleaner
2016-06-12 14:44 - 2013-11-26 14:38 - 00000000 ____D C:\Users\SD
2016-06-12 12:03 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF
2016-06-12 00:27 - 2016-03-18 16:05 - 00000000 ____D C:\Users\SD\Desktop\Techno Babble_Download Mantra
2016-06-11 23:20 - 2013-11-26 18:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-11 22:07 - 2013-11-27 10:44 - 00000000 ____D C:\Users\SD\AppData\Roaming\vlc
2016-06-11 19:15 - 2016-04-20 00:13 - 00000000 ____D C:\Users\SD\.spyder2-py3
2016-06-11 19:05 - 2014-01-25 15:30 - 00000000 ____D C:\Users\SD\.matplotlib
2016-06-11 16:16 - 2016-04-19 22:50 - 00000000 ____D C:\Users\SD\.spyder2
2016-06-10 15:10 - 2014-03-27 15:58 - 00000000 ____D C:\Program Files\HP
2016-06-10 15:08 - 2014-03-27 15:58 - 00000000 ____D C:\ProgramData\HP
2016-06-10 11:53 - 2015-04-16 23:47 - 00050253 _____ C:\Users\SD\Desktop\My home page.html
2016-06-10 11:53 - 2015-01-15 21:47 - 00000000 ____D C:\Users\SD\Desktop\My home page_files
2016-06-09 10:54 - 2013-11-26 19:34 - 00000000 ____D C:\Users\SD\AppData\Roaming\Dropbox
2016-06-09 10:52 - 2015-06-16 14:56 - 00000000 ____D C:\Users\SD\AppData\Local\Dropbox
2016-06-06 11:39 - 2015-03-18 21:24 - 00000000 ____D C:\Users\SD\AppData\Local\CrashDumps
2016-06-02 16:36 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\rescache
2016-06-01 13:16 - 2014-11-15 11:28 - 00000000 ____D C:\Users\SD\AppData\Roaming\Skype
2016-05-31 11:12 - 2009-07-14 10:03 - 00436952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-30 15:01 - 2016-04-24 20:38 - 00001841 _____ C:\Users\SD\Desktop\Some thoughts on dispersal.txt
2016-05-30 14:58 - 2016-04-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-27 12:54 - 2015-04-17 00:39 - 00022398 _____ C:\Users\SD\Desktop\disc_24-03-2014.txt
2016-05-26 19:07 - 2015-09-11 16:01 - 00000000 ____D C:\Users\SD\.oracle_jre_usage
2016-05-26 19:04 - 2013-11-27 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M_Teaching
2016-05-26 13:52 - 2015-04-10 13:34 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 12:22 - 2013-11-27 21:46 - 00800448 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-26 12:22 - 2013-11-27 21:46 - 00143040 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-23 16:53 - 2016-04-08 15:40 - 00785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-05-23 16:53 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-05-23 16:52 - 2015-12-04 08:31 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-05-14 16:46 - 2015-09-23 23:15 - 00002420 _____ C:\Users\SD\dli-settings.xml
2016-05-14 16:46 - 2015-09-23 23:05 - 00000000 ____D C:\Users\SD\dli_index
 
==================== Files in the root of some directories =======
 
2016-06-13 20:57 - 2016-06-13 20:57 - 6871040 _____ () C:\Program Files\GUT67A8.tmp
2014-12-06 20:43 - 2014-12-06 20:43 - 1330121 _____ () C:\Users\SD\AppData\Local\53E9472D_stp.CIS
2014-08-16 14:28 - 2014-08-16 14:28 - 0188748 _____ () C:\Users\SD\AppData\Local\ars.cache
2014-08-16 14:28 - 2014-08-16 14:28 - 0346459 _____ () C:\Users\SD\AppData\Local\census.cache
2014-08-16 13:37 - 2014-08-16 13:37 - 0000036 _____ () C:\Users\SD\AppData\Local\housecall.guid.cache
2014-05-11 20:52 - 2014-05-11 20:52 - 0000350 _____ () C:\Users\SD\AppData\Local\psppirerc
2015-07-19 15:14 - 2015-07-19 15:14 - 0000907 _____ () C:\Users\SD\AppData\Local\recently-used.xbel
2014-08-16 14:16 - 2014-08-16 14:16 - 0000010 _____ () C:\Users\SD\AppData\Local\sponge.last.runtime.cache
2015-03-30 09:33 - 2015-03-30 09:37 - 0000000 _____ () C:\Users\SD\AppData\Local\{FE477C15-EB29-4FB4-B656-DD5B899261CF}
 
Some files in TEMP:
====================
C:\Users\SD\AppData\Local\Temp\GURA38E.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 12:40
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2016 01
Ran by SD (2016-06-13 22:24:47)
Running from C:\Users\SD\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-11-26 09:08:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1435187640-4071721805-2113652602-500 - Administrator - Disabled)
Guest (S-1-5-21-1435187640-4071721805-2113652602-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1435187640-4071721805-2113652602-1005 - Limited - Enabled)
SD (S-1-5-21-1435187640-4071721805-2113652602-1000 - Administrator - Enabled) => C:\Users\SD

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 16.1.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.168 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM\...\{C1F3739C-D31D-4062-8788-29261C4A2A68}) (Version: 12.2.4.194 - Adobe Systems, Inc)
Amazon Kindle (HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Amazon Kindle) (Version: - Amazon)
Any Video Converter 5.5.9 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Areca (HKLM\...\Areca) (Version: - )
Atempo Live Navigator (HKLM\...\{332942D4-D972-48E8-AAF3-6A93F0C35706}) (Version: 3.2.15268 - Atempo)
Autorun Eater v2.6 (HKLM\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
Avro Keyboard 5.5.0 (HKLM\...\Avro Keyboard_is1) (Version: 5.5.0 - OmicronLab)
Box Sync (HKLM\...\{385E44C4-CFBC-42D6-9446-955A509FC441}) (Version: 4.0.7415.0 - Box, Inc.)
Box Sync (Version: 4.0.6567.0 - Box Inc.) Hidden
BRB-ArrayTools (HKLM\...\{1CA1C22B-358A-42CA-A1E0-B63D9132A0F8}) (Version: 4.4.0.0 - National Cancer Institute Biometric Research Branch)
BRB-CGHTools (HKLM\...\{3F217A19-4BCB-47F6-9AF7-CC0576C9B055}) (Version: 1.3.2 - National Cancer Institute Biometric Research Branch)
Bullzip PDF Printer 10.2.0.2141 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.2.0.2141 - Bullzip)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Crystal Reports Basic for Visual Studio 2008 (HKLM\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
DjVu Solo 3.1 (HKLM\...\DjVu Solo 3.1) (Version: - )
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Download Accelerator Manager (HKLM\...\Download Accelerator Manager) (Version: 4.5.47 - )
Dropbox (HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Effect Size Generator 2.3 (HKLM\...\Effect_Size_Generator_2.2) (Version: - )
EndNote X3 (HKLM\...\{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}) (Version: 13.0.0.4094 - Thomson Reuters)
Enthought Canopy (32-bit) (HKLM\...\{7C13AA42-1B81-4C70-963D-D2772F8D7F33}) (Version: 1.2.0.123 - Enthought, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version: - )
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Flashnote 4.6 (HKLM\...\Flashnote) (Version: 4.6 - Tiushkov Nikolay)
foobar2000 v1.3.7 (HKLM\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
FreeFileSync 6.12 (HKLM\...\FreeFileSync_is1) (Version: 6.12 - www.FreeFileSync.org)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Drive (HKLM\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Input Bengali (HKLM\...\GoogleInputBengali) (Version: - Google Inc.)
Google Input Tools (HKLM\...\GoogleInputFramework) (Version: - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
HP Deskjet 3540 series Basic Device Software (HKLM\...\{4BD528D2-7E50-4FE4-BBB2-D8E66F970991}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
iDailyDiary 3.85 (HKLM\...\iDailyDiary_is1) (Version: - Splinterware Software Solutions)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
JAGS 3.4.0 (HKLM\...\JAGS-3.4.0) (Version: 3.4.0 - JAGS)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JetBrains PyCharm Community Edition 2016.1.2 (HKLM\...\PyCharm Community Edition 2016.1.2) (Version: 145.844.6 - JetBrains s.r.o.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
KeePass Password Safe 1.30 (HKLM\...\KeePass Password Safe_is1) (Version: 1.30 - Dominik Reichl)
KeePass Password Safe 2.32 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.32 - Dominik Reichl)
KeepNote 0.7.8 (HKLM\...\KeepNote_is1) (Version: - Matt Rasmussen)
K-Lite Mega Codec Pack 12.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Device Emulator version 3.0 - ENU (HKLM\...\{B32E7732-B2FB-3FD0-81AC-6025B1104C66}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Firefox 44.0.2 (x86 en-US) (HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
NetLogo 5.3.1 (HKLM\...\{EB5AB27B-F791-490D-9C46-FC3A9BA5270B}) (Version: 5.3.1 - CCL)
Nitro Reader 3 (HKLM\...\{F5451D00-B448-4E9A-82DC-1929F4F1910D}) (Version: 3.5.6.5 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
OpenStat version 2.0 (HKLM\...\{1C6D7856-B7F4-4483-8B47-20199F1CF224}_is1) (Version: 2.0 - WGM Consulting)
Opera Stable 36.0.2130.46 (HKLM\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software)
Oracle VM VirtualBox 4.3.4 (HKLM\...\{867E903E-9EB4-4B3A-A7C8-E556E5C996ED}) (Version: 4.3.4 - Oracle Corporation)
Origin 8.5.1 (Version: 8.51.00 - OriginLab) Hidden
OriginPro 8.5.1 (HKLM\...\{E1294D19-6193-4EC2-A077-6571012BDE5B}) (Version: 8.5.1 - OriginLab Corporation)
PopGene.S2 (HKLM\...\{462EEFCF-11A5-49E7-A5AC-C1871CDC2F09}) (Version: 1.0.0 - PopGene)
PSPP (HKLM\...\PSPP) (Version: 0.8.3 - Free Software Foundation, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PyQt4 - PyQwt5 5.2.1-5 (HKLM\...\PyQt4 - PyQwt5 5.2.1-5) (Version: 5.2.1-5 - pythonxy.com)
PyQt4 - QtHelp 4.8.4-2 (HKLM\...\PyQt4 - QtHelp 4.8.4-2) (Version: 4.8.4-2 - pythonxy.com)
Python 2.7 - astropy 0.2.4-1 (HKLM\...\Python 2.7 - astropy 0.2.4-1) (Version: 0.2.4-1 - pythonxy)
Python 2.7 - babel 1.3-2 (HKLM\...\Python 2.7 - babel 1.3-2) (Version: 1.3-2 - pythonxy)
Python 2.7 - base_libraries 1.4.0-9 (HKLM\...\Python 2.7 - base_libraries 1.4.0-9) (Version: 1.4.0-9 - pythonxy)
Python 2.7 - base_python 1.7.1-14 (HKLM\...\Python 2.7 - base_python 1.7.1-14) (Version: 1.7.1-14 - pythonxy)
Python 2.7 - BeautifulSoup4 4.3.1-1 (HKLM\...\Python 2.7 - BeautifulSoup4 4.3.1-1) (Version: 4.3.1-1 - pythonxy)
Python 2.7 - bottleneck 0.7.0-2 (HKLM\...\Python 2.7 - bottleneck 0.7.0-2) (Version: 0.7.0-2 - pythonxy)
Python 2.7 - cffi 0.7.2-3 (HKLM\...\Python 2.7 - cffi 0.7.2-3) (Version: 0.7.2-3 - pythonxy)
Python 2.7 - cvxopt 1.1.6-1 (HKLM\...\Python 2.7 - cvxopt 1.1.6-1) (Version: 1.1.6-1 - pythonxy)
Python 2.7 - cx_Freeze 4.3.1-1 (HKLM\...\Python 2.7 - cx_Freeze 4.3.1-1) (Version: 4.3.1-1 - pythonxy.com)
Python 2.7 - Cython 0.19.1-7 (HKLM\...\Python 2.7 - Cython 0.19.1-7) (Version: 0.19.1-7 - pythonxy)
Python 2.7 - docutils 0.11-2 (HKLM\...\Python 2.7 - docutils 0.11-2) (Version: 0.11-2 - pythonxy)
Python 2.7 - EnthoughtToolSuite 4.3.0-3 (HKLM\...\Python 2.7 - EnthoughtToolSuite 4.3.0-3) (Version: 4.3.0-3 - pythonxy)
Python 2.7 - fabric 1.8.0-1 (HKLM\...\Python 2.7 - fabric 1.8.0-1) (Version: 1.8.0-1 - pythonxy)
Python 2.7 - formlayout 1.0.15-3 (HKLM\...\Python 2.7 - formlayout 1.0.15-3) (Version: 1.0.15-3 - pythonxy)
Python 2.7 - freeimage 3.6.0-3 (HKLM\...\Python 2.7 - freeimage 3.6.0-3) (Version: 3.6.0-3 - pythonxy)
Python 2.7 - gdal 1.9.2-2 (HKLM\...\Python 2.7 - gdal 1.9.2-2) (Version: 1.9.2-2 - pythonxy.com)
Python 2.7 - gevent 1.0.0-2 (HKLM\...\Python 2.7 - gevent 1.0.0-2) (Version: 1.0.0-2 - pythonxy)
Python 2.7 - Gnuplot 1.8.0.3 (HKLM\...\Python 2.7 - Gnuplot 1.8.0.3) (Version: 1.8.0.3 - pythonxy.com)
Python 2.7 - guidata 1.6.1-2 (HKLM\...\Python 2.7 - guidata 1.6.1-2) (Version: 1.6.1-2 - pythonxy)
Python 2.7 - guiqwt 2.3.1-4 (HKLM\...\Python 2.7 - guiqwt 2.3.1-4) (Version: 2.3.1-4 - pythonxy)
Python 2.7 - h5py 2.2.0-4 (HKLM\...\Python 2.7 - h5py 2.2.0-4) (Version: 2.2.0-4 - pythonxy)
Python 2.7 - html5lib 0.99-1 (HKLM\...\Python 2.7 - html5lib 0.99-1) (Version: 0.99-1 - pythonxy)
Python 2.7 - IPython 1.1.0-3 (HKLM\...\Python 2.7 - IPython 1.1.0-3) (Version: 1.1.0-3 - pythonxy)
Python 2.7 - itk 4.4.1-3 (HKLM\...\Python 2.7 - itk 4.4.1-3) (Version: 4.4.1-3 - pythonxy)
Python 2.7 - jinja2 2.7.1-2 (HKLM\...\Python 2.7 - jinja2 2.7.1-2) (Version: 2.7.1-2 - pythonxy)
Python 2.7 - lxml 3.2.3-7 (HKLM\...\Python 2.7 - lxml 3.2.3-7) (Version: 3.2.3-7 - pythonxy)
Python 2.7 - mahotas 1.0.2-6 (HKLM\...\Python 2.7 - mahotas 1.0.2-6) (Version: 1.0.2-6 - pythonxy)
Python 2.7 - matplotlib 1.3.0-2 (HKLM\...\Python 2.7 - matplotlib 1.3.0-2) (Version: 1.3.0-2 - pythonxy)
Python 2.7 - mdp 3.3.0.1 (HKLM\...\Python 2.7 - mdp 3.3.0.1) (Version: 3.3.0.1 - pythonxy.com)
Python 2.7 - mx 3.2.6-2 (HKLM\...\Python 2.7 - mx 3.2.6-2) (Version: 3.2.6-2 - pythonxy)
Python 2.7 - netcdf4 1.0.5-2 (HKLM\...\Python 2.7 - netcdf4 1.0.5-2) (Version: 1.0.5-2 - pythonxy)
Python 2.7 - networkx 1.8.1-1 (HKLM\...\Python 2.7 - networkx 1.8.1-1) (Version: 1.8.1-1 - pythonxy)
Python 2.7 - nose 1.3.0-2 (HKLM\...\Python 2.7 - nose 1.3.0-2) (Version: 1.3.0-2 - pythonxy)
Python 2.7 - numexpr 2.2.2-4 (HKLM\...\Python 2.7 - numexpr 2.2.2-4) (Version: 2.2.2-4 - pythonxy)
Python 2.7 - numpy 1.7.1-3 (HKLM\...\Python 2.7 - numpy 1.7.1-3) (Version: 1.7.1-3 - pythonxy)
Python 2.7 - OpenCV 2.4.6.1-3 (HKLM\...\Python 2.7 - OpenCV 2.4.6.1-3) (Version: 2.4.6.1-3 - pythonxy)
Python 2.7 - openpyxl 1.6.2-2 (HKLM\...\Python 2.7 - openpyxl 1.6.2-2) (Version: 1.6.2-2 - pythonxy)
Python 2.7 - pandas 0.12.0-7 (HKLM\...\Python 2.7 - pandas 0.12.0-7) (Version: 0.12.0-7 - pythonxy)
Python 2.7 - paramiko 1.12.0-4 (HKLM\...\Python 2.7 - paramiko 1.12.0-4) (Version: 1.12.0-4 - pythonxy)
Python 2.7 - patsy 0.2.1-1 (HKLM\...\Python 2.7 - patsy 0.2.1-1) (Version: 0.2.1-1 - pythonxy)
Python 2.7 - PIL 2.2.1-4 (HKLM\...\Python 2.7 - PIL 2.2.1-4) (Version: 2.2.1-4 - pythonxy)
Python 2.7 - pip 1.4.1-4 (HKLM\...\Python 2.7 - pip 1.4.1-4) (Version: 1.4.1-4 - pythonxy)
Python 2.7 - ply 3.4 (HKLM\...\Python 2.7 - ply 3.4) (Version: 3.4 - pythonxy.com)
Python 2.7 - pp 1.6.4-3 (HKLM\...\Python 2.7 - pp 1.6.4-3) (Version: 1.6.4-3 - pythonxy.com)
Python 2.7 - psutil 1.1.0-4 (HKLM\...\Python 2.7 - psutil 1.1.0-4) (Version: 1.1.0-4 - pythonxy)
Python 2.7 - py2exe 0.6.9 (HKLM\...\Python 2.7 - py2exe 0.6.9) (Version: 0.6.9 - pythonxy.com)
Python 2.7 - pycparser 2.10-2 (HKLM\...\Python 2.7 - pycparser 2.10-2) (Version: 2.10-2 - pythonxy)
Python 2.7 - pycrypto 2.6-1 (HKLM\...\Python 2.7 - pycrypto 2.6-1) (Version: 2.6-1 - pythonxy)
Python 2.7 - PycURL 7.19.0-2 (HKLM\...\Python 2.7 - PycURL 7.19.0-2) (Version: 7.19.0-2 - pythonxy)
Python 2.7 - pydicom 0.9.8-2 (HKLM\...\Python 2.7 - pydicom 0.9.8-2) (Version: 0.9.8-2 - pythonxy.com)
Python 2.7 - pygame 1.9.2-2 (HKLM\...\Python 2.7 - pygame 1.9.2-2) (Version: 1.9.2-2 - pythonxy)
Python 2.7 - pygments 1.6-1 (HKLM\...\Python 2.7 - pygments 1.6-1) (Version: 1.6-1 - pythonxy.com)
Python 2.7 - pygraphviz 1.3-2 (HKLM\...\Python 2.7 - pygraphviz 1.3-2) (Version: 1.3-2 - pythonxy)
Python 2.7 - pyhdf 0.8.3-2 (HKLM\...\Python 2.7 - pyhdf 0.8.3-2) (Version: 0.8.3-2 - pythonxy)
Python 2.7 - PyICU 1.5-1 (HKLM\...\Python 2.7 - PyICU 1.5-1) (Version: 1.5-1 - pythonxy.com)
Python 2.7 - pylint 1.0.0-6 (HKLM\...\Python 2.7 - pylint 1.0.0-6) (Version: 1.0.0-6 - pythonxy)
Python 2.7 - pyodbc 3.0.7-1 (HKLM\...\Python 2.7 - pyodbc 3.0.7-1) (Version: 3.0.7-1 - pythonxy)
Python 2.7 - PyOpenGL 3.0.2-3 (HKLM\...\Python 2.7 - PyOpenGL 3.0.2-3) (Version: 3.0.2-3 - pythonxy)
Python 2.7 - pyparallel 0.2.0.1 (HKLM\...\Python 2.7 - pyparallel 0.2.0.1) (Version: 0.2.0.1 - pythonxy.com)
Python 2.7 - pyparsing 2.0.1-2 (HKLM\...\Python 2.7 - pyparsing 2.0.1-2) (Version: 2.0.1-2 - pythonxy)
Python 2.7 - PyQt4 4.9.6-3 (HKLM\...\Python 2.7 - PyQt4 4.9.6-3) (Version: 4.9.6-3 - pythonxy.com)
Python 2.7 - pyreadline 2.0-1 (HKLM\...\Python 2.7 - pyreadline 2.0-1) (Version: 2.0-1 - pythonxy)
Python 2.7 - pyserial 2.6.0.1 (HKLM\...\Python 2.7 - pyserial 2.6.0.1) (Version: 2.6.0.1 - pythonxy.com)
Python 2.7 - pytables 3.0.0-2 (HKLM\...\Python 2.7 - pytables 3.0.0-2) (Version: 3.0.0-2 - pythonxy)
Python 2.7 - pytest 2.4.2-2 (HKLM\...\Python 2.7 - pytest 2.4.2-2) (Version: 2.4.2-2 - pythonxy)
Python 2.7 - pyvisa 1.4 (HKLM\...\Python 2.7 - pyvisa 1.4) (Version: 1.4 - pythonxy.com)
Python 2.7 - PyWavelets 0.2.2 (HKLM\...\Python 2.7 - PyWavelets 0.2.2) (Version: 0.2.2 - pythonxy.com)
Python 2.7 - pywin32 218-1 (HKLM\...\Python 2.7 - pywin32 218-1) (Version: 218-1 - pythonxy.com)
Python 2.7 - pywinauto 0.4.0 (HKLM\...\Python 2.7 - pywinauto 0.4.0) (Version: 0.4.0 - pythonxy.com)
Python 2.7 - pyyaml 3.10-1 (HKLM\...\Python 2.7 - pyyaml 3.10-1) (Version: 3.10-1 - pythonxy)
Python 2.7 - pyzmq 13.1.0-5 (HKLM\...\Python 2.7 - pyzmq 13.1.0-5) (Version: 13.1.0-5 - pythonxy)
Python 2.7 - reportlab 2.7-1 (HKLM\...\Python 2.7 - reportlab 2.7-1) (Version: 2.7-1 - pythonxy)
Python 2.7 - rst2pdf 0.93-3 (HKLM\...\Python 2.7 - rst2pdf 0.93-3) (Version: 0.93-3 - pythonxy)
Python 2.7 - scikits.image 0.8.2-2 (HKLM\...\Python 2.7 - scikits.image 0.8.2-2) (Version: 0.8.2-2 - pythonxy.com)
Python 2.7 - scikits-learn 0.14.1-4 (HKLM\...\Python 2.7 - scikits-learn 0.14.1-4) (Version: 0.14.1-4 - pythonxy)
Python 2.7 - scipy 0.12.0-2 (HKLM\...\Python 2.7 - scipy 0.12.0-2) (Version: 0.12.0-2 - pythonxy)
Python 2.7 - SendKeys 0.3 (HKLM\...\Python 2.7 - SendKeys 0.3) (Version: 0.3 - pythonxy)
Python 2.7 - setuptools 1.1.6-3 (HKLM\...\Python 2.7 - setuptools 1.1.6-3) (Version: 1.1.6-3 - pythonxy)
Python 2.7 - simplejson 3.3.0-5 (HKLM\...\Python 2.7 - simplejson 3.3.0-5) (Version: 3.3.0-5 - pythonxy)
Python 2.7 - sphinx 1.2-1 (HKLM\...\Python 2.7 - sphinx 1.2-1) (Version: 1.2-1 - pythonxy)
Python 2.7 - spyder 2.2.4-8 (HKLM\...\Python 2.7 - spyder 2.2.4-8) (Version: 2.2.4-8 - pythonxy)
Python 2.7 - sqlalchemy 0.8.2-7 (HKLM\...\Python 2.7 - sqlalchemy 0.8.2-7) (Version: 0.8.2-7 - pythonxy)
Python 2.7 - statsmodels 0.5.0-1 (HKLM\...\Python 2.7 - statsmodels 0.5.0-1) (Version: 0.5.0-1 - pythonxy)
Python 2.7 - sympy 0.7.3-2 (HKLM\...\Python 2.7 - sympy 0.7.3-2) (Version: 0.7.3-2 - pythonxy)
Python 2.7 - tornado 3.1.1-4 (HKLM\...\Python 2.7 - tornado 3.1.1-4) (Version: 3.1.1-4 - pythonxy)
Python 2.7 - uncertainties 2.4.1-7 (HKLM\...\Python 2.7 - uncertainties 2.4.1-7) (Version: 2.4.1-7 - pythonxy)
Python 2.7 - veusz 1.18-5 (HKLM\...\Python 2.7 - veusz 1.18-5) (Version: 1.18-5 - pythonxy)
Python 2.7 - virtualenv 1.10.1-5 (HKLM\...\Python 2.7 - virtualenv 1.10.1-5) (Version: 1.10.1-5 - pythonxy)
Python 2.7 - vitables 2.1.0.3 (HKLM\...\Python 2.7 - vitables 2.1.0.3) (Version: 2.1.0.3 - pythonxy.com)
Python 2.7 - vpython 5.74-1 (HKLM\...\Python 2.7 - vpython 5.74-1) (Version: 5.74-1 - pythonxy.com)
Python 2.7 - vtk 5.10.1-3 (HKLM\...\Python 2.7 - vtk 5.10.1-3) (Version: 5.10.1-3 - pythonxy)
Python 2.7 - winpdb 1.4.8.3 (HKLM\...\Python 2.7 - winpdb 1.4.8.3) (Version: 1.4.8.3 - pythonxy.com)
Python 2.7 - wxPython 2.8.12.1-1 (HKLM\...\Python 2.7 - wxPython 2.8.12.1-1) (Version: 2.8.12.1-1 - pythonxy)
Python 2.7 - xlrd 0.9.2-3 (HKLM\...\Python 2.7 - xlrd 0.9.2-3) (Version: 0.9.2-3 - pythonxy)
Python 2.7 - xlwt 0.7.5-1 (HKLM\...\Python 2.7 - xlwt 0.7.5-1) (Version: 0.7.5-1 - pythonxy)
Python 2.7 - xy 1.3.2-4 (HKLM\...\Python 2.7 - xy 1.3.2-4) (Version: 1.3.2-4 - pythonxy)
Python 2.7.5 (Version: 2.7.5150 - Python Software Foundation) Hidden
Python 3.5.1 (Anaconda3 4.0.0 32-bit) (HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Python 3.5.1 (Anaconda3 4.0.0 32-bit)) (Version: 4.0.0 - Continuum Analytics, Inc.)
Python(x,y) - console 2.0.148-8 (HKLM\...\Python(x,y) - console 2.0.148-8) (Version: 2.0.148-8 - pythonxy.com)
Python(x,y) - gettext 0.14.4.3 (HKLM\...\Python(x,y) - gettext 0.14.4.3) (Version: 0.14.4.3 - pythonxy.com)
Python(x,y) - mingw 4.5.2.3 (HKLM\...\Python(x,y) - mingw 4.5.2.3) (Version: 4.5.2.3 - pythonxy.com)
Python(x,y) - SciTE 3.3.2-3 (HKLM\...\Python(x,y) - SciTE 3.3.2-3) (Version: 3.3.2-3 - pythonxy)
Python(x,y) - swig 2.0.10-2 (HKLM\...\Python(x,y) - swig 2.0.10-2) (Version: 2.0.10-2 - pythonxy)
Python(x,y) - WinMerge 2.12.4.2 (HKLM\...\Python(x,y) - WinMerge 2.12.4.2) (Version: 2.12.4.2 - pythonxy.com)
Python(x,y) - xydoc 1.0.5.1 (HKLM\...\Python(x,y) - xydoc 1.0.5.1) (Version: 1.0.5.1 - pythonxy.com)
Python(x,y) (HKLM\...\Python(x,y)) (Version: 2.7.5.1 - Python(x,y))
Q-Dir (HKLM\...\Q-Dir) (Version: - )
Qiqqa (HKLM\...\{99AF0582-482B-4E5E-BB11-675354BF5E77}_is1) (Version: 77 - Quantisle Ltd.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
R for Windows 3.2.4 Revised (HKLM\...\R for Windows 3.2.4 Revised_is1) (Version: 3.2.4 Revised - R Core Team)
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version: - )
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version: - )
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Rodeo (HKLM\...\Rodeo) (Version: - )
RStudio (HKLM\...\RStudio) (Version: 0.99.484 - RStudio)
SciDAVis 1.D5 (HKLM\...\SciDAVis) (Version: 1.D5 - )
SigmaPlot 11.0 (HKLM\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype™ 7.22 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z) (Version: - )
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
StartupMonitor (HKLM\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
STATISTICA 9.1.210.0 (HKLM\...\{93ac258b-48e2-75fc-8d9c-e8496769386d}) (Version: 9.1.210.0 - StatSoft, Inc.)
Stickies 8.0a (HKLM\...\ZhornStickies) (Version: - Zhorn Software)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TableCurve 2D v5.01 (HKLM\...\TableCurve 2D v5.01) (Version: - )
TableCurve 3D v4.0 (HKLM\...\TableCurve 3D v4.0) (Version: - )
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TreeDBNotes 4 (HKLM\...\TreeDBNotes 4) (Version: - )
UBitMenu UK (HKLM\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtuaWin v4.4 (HKLM\...\VirtuaWin_is1) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
wePresent WiPG-1000 (HKLM\...\wePresent WiPG-1000_is1) (Version: 1.2.4.5 - AWIND Inc)
Winamp (HKLM\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.01 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
WinX DVD Ripper 5.6.0 (HKLM\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.)
WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)
XLSTAT 2010 (HKLM\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 12.2.03 - Addinsoft)
XMind 2013 (v3.4.0) (HKLM\...\XMind_is1) (Version: 3.4.0.201311050558 - XMind Ltd.)
Zim Desktop Wiki (HKLM\...\Zim Desktop Wiki) (Version: - )
Zotero Standalone 4.0.20 (x86 en-US) (HKLM\...\Zotero Standalone 4.0.20 (x86 en-US)) (Version: 4.0.20 - Zotero)
Zotero Standalone 4.0.28 (x86 en-US) (HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\...\Zotero Standalone 4.0.28 (x86 en-US)) (Version: 4.0.28 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\SD\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{05187161-5C36-4324-A734-22BF37509F2D}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfTheoraDecoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{05A1D945-A794-44EF-B41A-2F851A117155}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfVorbisDecoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\SD\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{121EA765-6D3F-4519-9686-A0BA6E5281A2}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfTheoraEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{1F3EFFE4-0E70-47C7-9C48-05EB99E20011}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfOggMux.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{2F234A01-A4EB-4EAB-A130-A13C97953F0B}\localserver32 -> D:\Programs on D\OriginLab\Origin851\Origin85.exe (OriginLab Corporation)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\SD\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{3376086C-D6F9-4CE4-8B89-33CD570106B5}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfFLACDecoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\SD\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{5C769985-C3E1-4F95-BEE7-1101C465F5FC}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfTheoraEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{5C94FE86-B93B-467F-BFC3-BD6C91416F9B}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfVorbisEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{61F6D8A0-2863-11D0-BBB6-00409512C43D}\localserver32 -> D:\Programs on D\OriginLab\Origin851\Origin85.exe (OriginLab Corporation)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfNativeFLACSource.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{7036C2FE-A209-464C-97AB-95B9260EDBF7}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfSpeexEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{7605E26C-DE38-4B82-ADD8-FE2568CC0B25}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfSpeexDecoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{77E3A6A3-2A24-43FA-B929-00747E4B560B}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfFLACEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{7CC95AE6-C1FA-40CC-AB17-3E91DA2F77CA}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\AxPlayer.dll (Xiph.Org)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\SD\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\SD\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{9FE89513-7A1C-4229-8DF1-AB272A668E52}\localserver32 -> D:\Programs on D\OriginLab\Origin851\Origin85.exe (OriginLab Corporation)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{A538F05F-DC08-4BF9-994F-18A86CCA6CC4}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfVorbisEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\SD\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{B0F21977-8AAB-4632-A73D-528B909C5663}\localserver32 -> D:\Programs on D\OriginLab\Origin851\Origin85.exe (OriginLab Corporation)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\SD\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\SD\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{C9361F5A-3282-4944-9899-6D99CDC5370B}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfOggDemux2.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SD\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ED3110F0-5211-11DF-94AF-0026B977EEAA}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\webmmux.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ED3110F3-5211-11DF-94AF-0026B977EEAA}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\vp8decoder.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ED3110F5-5211-11DF-94AF-0026B977EEAA}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\vp8encoder.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ED3110F8-5211-11DF-94AF-0026B977EEAA}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\webmsplit.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ED311102-5211-11DF-94AF-0026B977EEAA}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\vp8encoder.dll (Google)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{ED79AEC0-68AD-4BE6-B06E-B4D3C8101624}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfSpeexEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{EE66A998-4E5C-4E23-A0F3-97C40D87EC48}\InprocServer32 -> C:\Users\SD\AppData\Local\Enthought\opencodecs\x86\dsfFLACEncoder.dll ()
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\SD\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1435187640-4071721805-2113652602-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\SD\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0057E525-0505-4EA9-9B38-6E14A6DB1E37} - System32\Tasks\Opera scheduled Autoupdate 1391229852 => D:\Programs on D\Opera\launcher.exe [2016-03-24] (Opera Software)
Task: {04387A8A-B1AD-4F21-9545-D5EB916AD134} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-26] (Adobe Systems Incorporated)
Task: {04B53A1A-C12E-4FF5-8D60-184ABE28487B} - System32\Tasks\{608BE89A-5B9D-40C0-A925-76B242B507AE} => C:\STAT\STA_WIN.EXE [1995-12-14] ()
Task: {08AD8929-9E7A-4382-8D24-E622CE758ED3} - System32\Tasks\{A6CE1F8C-EB2A-4320-AD1E-27CD6D0EC567} => pcalua.exe -a "D:\Programs on D\DLIDownloader\Uninstall.exe" -d "D:\Programs on D\DLIDownloader"
Task: {0E75DF78-7A15-4075-AB9B-A9FEC8C5CDD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {17FE5E7B-74FF-402F-94D0-A0CBBB4FC669} - System32\Tasks\{6BEDB762-CBF9-4E77-98F1-CAF58AEDC73C} => C:\STAT\STA_WIN.EXE [1995-12-14] ()
Task: {2426AF32-AD8E-4E19-A36A-C6601E3E40B8} - System32\Tasks\{A1A3F479-C159-4D9F-9045-7BB9C1EC9B73} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {2E3324AF-D6F0-463E-92FA-3573A83C9B17} - System32\Tasks\{F5BC9529-58D4-4FBE-AC12-BC96C49EAAD0} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {358A1515-76B7-4029-B542-7325DEA04A4E} - System32\Tasks\{D1C665D2-AE1D-4FC6-9DD2-5EB523401A17} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {3B622486-BCE3-4B0A-8DF1-745F972893FC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-11] (AO Kaspersky Lab)
Task: {4961C2E6-67C8-4AD3-B45B-640A6E6B7C65} - System32\Tasks\MATLAB R2015b Startup Accelerator => D:\Programs on D\MATLAB_R2015b\bin\win32\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {50D4F229-5BEC-401B-BF5C-5D799BDF4C9A} - System32\Tasks\{7811F6EC-FE1C-4B83-BE46-422CC076F413} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {52CC46EE-ADB3-40F5-BD22-208CEE972AF9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000Core => C:\Users\SD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {53FB695C-720C-471B-AD5D-44014B0ABDEB} - System32\Tasks\{AD0876B4-D39A-4DD8-86B0-BCD69F7EAF0D} => pcalua.exe -a C:\Users\SD\Desktop\vpnclient-win-msi-5.0.07.0290-k9.exe -d C:\Users\SD\Desktop
Task: {5872593A-3CD0-47D7-AFF3-E3327857612C} - System32\Tasks\{92FCA738-36EB-42AD-A7D9-B666A87BAC0E} => E:\DeyAtPune\ResearchRelated\qbasic\QB.EXE [1988-09-28] ()
Task: {5EF67412-CD9C-48C7-BED4-AB6731B2E244} - System32\Tasks\{42D78DDF-602A-407C-BB51-D178536D8748} => msiexec.exe /package "H:\PuneSoftwares_5\Softwares_Scientific\ENDNOTE_official\ENX3Inst.msi"
Task: {6035E747-3828-4C10-8446-174F72704E87} - System32\Tasks\{9BA6AC18-4F97-485F-A275-4E2A5CF99FE2} => C:\STAT\STA_WIN.EXE [1995-12-14] ()
Task: {68AC9B48-149D-4E19-A2C8-7D1C0722F51E} - System32\Tasks\{D39EA1C0-5FE8-49CA-8940-E06AF176B574} => pcalua.exe -a F:\install.exe -d F:\
Task: {6C66C042-D363-42F8-89DE-86D199907E52} - System32\Tasks\{8FE17DE7-D42E-4A8C-866C-AC7D02AC15C4} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {6D19562B-A068-4AA6-9894-CF5CFAD2810C} - System32\Tasks\CCleanerSkipUAC => D:\Programs on D\CCleaner\CCleaner.exe [2016-03-12] (Piriform Ltd)
Task: {7C42C550-9C79-4A2E-81A0-FE8C7CA3F077} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-22] ()
Task: {8D4CC7F0-55CD-4124-9071-1939FD999AD8} - System32\Tasks\{72D0F312-E5F1-4D3A-8F18-2FDF97C330C6} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {95C24F6F-4353-41C2-B534-D22335DC48FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000UA => C:\Users\SD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {A53A59EF-5F65-4A06-BFEA-83DFF6A8D62A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000Core => C:\Users\SD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A553968D-B7CA-4FC6-97C1-7ABF9897748E} - System32\Tasks\{8543325E-768C-40AF-B55B-6728574574E3} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {AC69D728-0C06-4D97-86EF-34FA329959BB} - System32\Tasks\{BA0262CE-9EB3-4AA6-91EB-F6B849961DDB} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {B59B09A1-737D-4345-9534-E08E1DED510F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000UA => C:\Users\SD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B6F99914-A54B-49A6-B7D7-2D4B5D57A617} - System32\Tasks\{F32FD8CA-02C4-42CD-AC14-91CDAD479151} => pcalua.exe -a F:\Softwares\sp45191.exe -d F:\Softwares
Task: {BA0D22DD-914F-4616-A80D-421C39F82F20} - System32\Tasks\{04ECD668-8639-4961-B04E-60B035295D39} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {D0FD8910-3225-481A-A6F9-DC19F60CEFEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {DA7AEB82-8347-49D2-83E4-70AF76416706} - System32\Tasks\{AC6497A7-358E-4F83-95C1-621210D972E1} => E:\DeyAtPune\ResearchRelated\qbasic\QB.EXE [1988-09-28] ()
Task: {DC135B8B-280E-4F88-93A2-5C234C0FF809} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E53B4C8C-3F60-468A-9842-A20C161E4257} - System32\Tasks\{07C7D1A3-37A5-4918-90A3-917679C83D7C} => C:\STAT\STA_BAS.EXE [1995-12-14] ()
Task: {F569A633-3378-4C3B-BCC3-07D62A26370B} - System32\Tasks\{598F0CC9-8002-43CE-9AAD-F0F4C50CFA5F} => pcalua.exe -a C:\Users\SD\Desktop\Merge7zInstaller0028-465-920.exe -d C:\Users\SD\Desktop
Task: {F8E67D14-5BBC-4ACB-8CAB-E3AB9C1AF71A} - System32\Tasks\{41FDA522-DA87-491F-ABB8-2BD58F2A2EC4} => C:\STAT\STA_BAS.EXE [1995-12-14] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000Core.job => C:\Users\SD\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000UA.job => C:\Users\SD\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000Core.job => C:\Users\SD\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1435187640-4071721805-2113652602-1000UA.job => C:\Users\SD\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job => D:\Programs on D\MATLAB_R2015b\bin\win32\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-17 09:58 - 2015-11-05 21:36 - 02216136 _____ () C:\Windows\system32\nvwmi.exe
2014-02-02 21:23 - 2013-10-23 15:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2013-12-17 09:57 - 2015-10-13 22:17 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2009-03-13 06:48 - 2014-08-06 06:31 - 01048576 _____ () D:\Programs on D\Everything\Everything.exe
2014-10-01 18:05 - 2014-10-01 18:05 - 06847824 _____ () D:\Programs on D\AtempoLiveNavigator\bin\HNagent.exe
2013-08-08 00:55 - 2013-08-08 00:55 - 00093696 _____ () D:\Programs on D\FileZilla FTP Client\fzshellext.dll
2013-11-26 22:10 - 2015-11-05 21:35 - 00690024 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2013-11-26 19:59 - 2011-10-26 17:41 - 00305664 _____ () D:\Programs on D\TeraCopy\TeraCopyExt.dll
2016-03-28 23:37 - 2016-03-28 23:37 - 00267952 _____ () D:\Programs on D\Notepad++\NppShell_06.dll
2013-11-26 19:59 - 2011-10-26 17:41 - 00325120 _____ () D:\Programs on D\TeraCopy\TeraCopy.dll
2000-05-20 17:23 - 2000-05-20 17:23 - 00086016 _____ () C:\Windows\StartupMonitor.exe
2013-03-10 23:28 - 2013-03-10 23:28 - 02598496 _____ () D:\Programs on D\Rainlendar2\Rainlendar2.exe
2012-05-17 00:31 - 2012-05-17 00:31 - 00140800 _____ () D:\Programs on D\Rainlendar2\lua52.dll
2013-03-10 23:29 - 2013-03-10 23:29 - 00215648 _____ () D:\Programs on D\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 18:52 - 2012-06-17 18:52 - 00012800 _____ () D:\Programs on D\Rainlendar2\lfs.dll
2013-11-30 22:37 - 2010-04-03 14:05 - 00380928 _____ () D:\Programs on D\Launchy\Launchy.exe
2013-11-30 22:37 - 2009-12-16 23:13 - 08314880 _____ () D:\Programs on D\Launchy\QtGui4.dll
2013-11-30 22:37 - 2009-12-16 22:54 - 02236416 _____ () D:\Programs on D\Launchy\QtCore4.dll
2013-11-30 22:37 - 2009-12-16 22:56 - 00712704 _____ () D:\Programs on D\Launchy\QtNetwork4.dll
2013-11-30 22:37 - 2009-12-17 01:18 - 00233472 _____ () D:\Programs on D\Launchy\imageformats\qmng4.dll
2013-11-30 22:37 - 2010-04-03 14:06 - 00081920 _____ () D:\Programs on D\Launchy\plugins\calcy.dll
2013-11-30 22:37 - 2010-04-03 14:05 - 00090112 _____ () D:\Programs on D\Launchy\plugins\controly.dll
2013-11-30 22:37 - 2010-04-03 14:06 - 00024064 _____ () D:\Programs on D\Launchy\plugins\gcalc.dll
2013-11-30 22:37 - 2010-04-03 14:06 - 00094208 _____ () D:\Programs on D\Launchy\plugins\runner.dll
2013-11-30 22:37 - 2010-04-03 14:05 - 00057344 _____ () D:\Programs on D\Launchy\plugins\verby.dll
2013-11-30 22:37 - 2010-04-03 14:05 - 00122880 _____ () D:\Programs on D\Launchy\plugins\weby.dll
2016-04-16 09:50 - 2016-05-05 15:39 - 00034768 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-06-04 10:11 - 2016-05-05 15:40 - 00019408 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-06-04 10:11 - 2016-05-05 15:39 - 00116688 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-16 09:50 - 2016-05-05 15:39 - 00093640 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-04-16 09:50 - 2016-05-05 15:39 - 00018376 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\select.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00019760 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00105928 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-06-04 10:11 - 2016-05-05 15:39 - 00392144 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-04-16 09:50 - 2016-06-01 00:04 - 00381752 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-04-16 09:50 - 2016-05-05 15:39 - 00692688 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00020816 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-16 09:50 - 2016-05-05 15:40 - 00123856 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 01682760 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00020808 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00021840 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00038696 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-06-04 10:11 - 2016-05-05 15:41 - 00020936 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00024528 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00114640 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00124880 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00021832 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00024016 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00175560 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00030160 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00043472 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00048592 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00023872 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-06-04 10:11 - 2016-05-05 15:39 - 00134088 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00026456 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00057808 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00024016 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-06-04 10:11 - 2016-06-01 00:03 - 00246592 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00028616 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00052024 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-04-16 09:50 - 2016-05-05 15:39 - 00134608 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-06-04 10:11 - 2016-05-05 15:40 - 00240584 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00020800 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00019776 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00020800 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00020280 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00023376 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00350152 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-16 09:50 - 2016-06-01 00:04 - 00022352 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00024392 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-06-04 10:11 - 2016-05-05 15:42 - 00036296 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\librsync.dll
2016-06-04 10:11 - 2016-06-01 00:04 - 00084280 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-06-04 10:11 - 2016-06-01 00:04 - 01826096 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-04-16 09:50 - 2016-05-05 15:40 - 00083912 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\sip.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 03928880 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 01971504 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00531248 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00132912 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00223544 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00207672 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-16 09:50 - 2016-05-05 15:41 - 00060880 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00546096 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-06-04 10:11 - 2016-06-01 00:04 - 00357680 _____ () C:\Users\SD\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00774656 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00098816 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00110080 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2014-11-18 15:04 - 2014-11-18 15:04 - 00364544 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2014-12-10 12:25 - 2014-12-10 12:25 - 00087552 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00046080 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 01201152 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2015-05-28 15:16 - 2015-05-28 15:16 - 00036352 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00686080 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2015-05-28 16:37 - 2015-05-28 16:37 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2015-05-28 15:17 - 2015-05-28 15:17 - 00024576 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00010240 _____ () C:\Program Files\Box\Box Sync\select.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00128512 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00127488 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00320512 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00018432 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2015-08-11 22:39 - 2015-08-11 22:39 - 00048128 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00119808 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00108544 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00035840 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00025600 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2015-05-28 15:16 - 2015-05-28 15:16 - 00029184 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2015-05-28 15:16 - 2015-05-28 15:16 - 00007168 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2015-05-28 15:16 - 2015-05-28 15:16 - 00009728 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2015-05-28 15:16 - 2015-05-28 15:16 - 00010240 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00042496 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2015-05-28 15:17 - 2015-05-28 15:17 - 00020480 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2014-12-10 12:25 - 2014-12-10 12:25 - 00027136 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00017920 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2014-11-18 15:04 - 2014-11-18 15:04 - 00167936 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2016-04-26 13:07 - 2016-04-26 13:07 - 00022528 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2016-06-13 21:01 - 2016-06-04 07:26 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-13 21:01 - 2016-06-04 07:26 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-03-28 23:37 - 2016-03-28 23:37 - 00021680 _____ () D:\Programs on D\Notepad++\plugins\NppExport.dll
2015-05-15 19:54 - 2015-05-15 19:54 - 02873856 _____ () D:\Programs on D\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1435187640-4071721805-2113652602-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Search Everything.lnk => C:\Windows\pss\Search Everything.lnk.CommonStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B6659186-6C94-4CB2-854F-958A976ACC16}] => (Allow) D:\Programs on D\Winamp\winamp.exe
FirewallRules: [{2CD3833F-4C8E-48D8-8E07-1B6844111769}] => (Allow) D:\Programs on D\Winamp\winamp.exe
FirewallRules: [{C1DEBC08-BE1C-4DD9-9EBE-AAE53C8B436A}] => (Allow) C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6AFF1CEF-3553-4520-8AE1-F93A6EB1E58A}] => (Allow) C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D8F7AE10-DB7B-4954-9593-B3B35D8A1F43}] => (Allow) C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C7891F2-C306-4CF5-8AAA-B6E9E968E937}] => (Allow) C:\Users\SD\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0ABEA87C-6B65-4929-B1D8-E26E611F9533}] => (Allow) D:\Programs on D\Microsoft Office\Office12\outlook.exe
FirewallRules: [{1074D3BB-E492-4CD1-9B4D-27F844F093DF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BC1F194F-1962-4BF7-B7CD-8694B458D60F}] => (Allow) D:\Programs on D\SPSS21\stats.exe
FirewallRules: [{F85081D3-74C3-4EA8-B1C3-8C4214EB9AFD}] => (Allow) D:\Programs on D\SPSS21\WinWrapIDE.exe
FirewallRules: [{864FA32B-9550-4E25-BB8F-0574DF41A0B0}] => (Allow) D:\Programs on D\SPSS21\stats.com
FirewallRules: [{52C962DC-8FD8-4302-9DBC-1DC2B196A618}] => (Allow) D:\Programs on D\SPSS21\stats.exe
FirewallRules: [{79577281-6AAF-47A6-9573-129CEC656642}] => (Allow) D:\Programs on D\SPSS21\WinWrapIDE.exe
FirewallRules: [{D5F06E88-E1C5-430F-801B-46C57F8F1DA2}] => (Allow) D:\Programs on D\SPSS21\stats.com
FirewallRules: [{75B3E1DD-CECF-42B7-A917-FE2F06170094}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{5691296A-AE61-4B93-91EA-D199C6F0DDEF}] => (Allow) LPort=5357
FirewallRules: [{744847DD-E3DB-4482-888E-A48F7C970EF0}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{57EFCC4B-398C-44A4-A7B6-AF5D7E26376C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{250A7654-4F78-4231-9208-FD27B1B21BEC}] => (Allow) D:\Programs on D\Mozilla Firefox\firefox.exe
FirewallRules: [{74E4C8BB-18A2-4654-A63E-BB8AB4909CAE}] => (Allow) D:\Programs on D\Mozilla Firefox\firefox.exe
FirewallRules: [{DB857B1A-9548-4358-9667-B37D2FAE281E}] => (Allow) C:\Program Files\wePresent WiPG-1000\wePresent WiPG-1000.exe
FirewallRules: [{1A5EC10C-34D6-4FCF-899C-21DCC83A597E}] => (Allow) C:\Program Files\wePresent WiPG-1000\wePresent WiPG-1000.exe
FirewallRules: [{14ADEF72-3769-4FF3-A9D0-1825679E3420}] => (Allow) C:\Program Files\wePresent WiPG-1000\SidePadLite.exe
FirewallRules: [{8E4C6877-98B8-459F-AC33-241B5AFCB9F6}] => (Allow) C:\Program Files\wePresent WiPG-1000\SidePadLite.exe
FirewallRules: [{76B69942-E506-4CAE-B870-77B900517D96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{58C857A4-F05B-4C62-B4C3-8AE686623A2D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE326224-4C56-40BE-BF08-02E8B7D0358B}] => (Allow) C:\HP_LaserJet_Pro_M201-M202\Installer\hpbcsiInstaller.exe
FirewallRules: [{125E3605-5409-421C-8E4E-EF3666276AF8}] => (Allow) C:\HP_LaserJet_Pro_M201-M202\Installer\hpbcsiInstaller.exe
FirewallRules: [{A2AAA08B-6B58-4409-A311-60CB3BAA83E1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-06-2016 11:31:52 Windows Update
12-06-2016 15:32:36 JRT Pre-Junkware Removal
12-06-2016 18:46:01 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom 802.11 Multiband Network Adapter
Description: Broadcom 802.11 Multiband Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2016 08:48:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2016 02:03:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2016 09:24:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2016 08:26:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2016 05:33:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23418, time stamp: 0x570896a1
Faulting module name: msieftp.dll, version: 6.1.7601.18300, time stamp: 0x52706d33
Exception code: 0xc0000005
Fault offset: 0x00014a37
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (06/12/2016 05:33:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0EF04A37

Error: (06/12/2016 05:15:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2016 05:12:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT). hr = 0x8007045b, A system shutdown is in progress.
.


Operation:
Initialize For Backup

Error: (06/12/2016 05:12:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT). hr = 0x8007045b, A system shutdown is in progress.
.


Operation:
Initialize For Backup

Error: (06/12/2016 05:12:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT). hr = 0x8007045b, A system shutdown is in progress.
.


Operation:
Initialize For Backup


System errors:
=============
Error: (06/13/2016 08:48:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/13/2016 02:02:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/13/2016 09:24:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/13/2016 08:26:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/12/2016 05:15:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/12/2016 03:33:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Everything service terminated unexpectedly. It has done this 1 time(s).

Error: (06/12/2016 03:33:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA WMI Provider service terminated unexpectedly. It has done this 1 time(s).

Error: (06/12/2016 03:33:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/12/2016 12:49:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/12/2016 12:46:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%109


CodeIntegrity:
===================================
Date: 2014-10-14 12:38:33.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 12:38:33.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7800 @ 2.60GHz
Percentage of memory in use: 75%
Total physical RAM: 3071.3 MB
Available physical RAM: 753.42 MB
Total Virtual: 6140.93 MB
Available Virtual: 2381.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:47.8 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:97.66 GB) (Free:60.9 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:50.18 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:172.79 GB) (Free:44.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EE1E1188)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by Oh My!, 15 June 2016 - 03:40 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,754 posts
  • Gender:Male
  • Location:California
  • Local time:12:24 PM

Posted 15 June 2016 - 03:48 PM

Greetings troubledsoul and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
(Google Inc.) C:\Users\SD\AppData\Local\Temp\GUM387D.tmp
(Google Inc.) C:\Program Files\GUM67A7.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
C:\Users\SD\AppData\Local\Temp\GURA38E.exe
2015-03-30 09:33 - 2015-03-30 09:37 - 0000000 _____ () C:\Users\SD\AppData\Local\{FE477C15-EB29-4FB4-B656-DD5B899261CF}
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Zoek log
  • RogueKiller log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 troubledsoul

Posted 16 June 2016 - 05:06 AM

Hi

1. Thanks for your reply.

2. Call me Dey. You may not remember this, but recently you helped me to get my computer back on track after it was failing to connect to the internet. Nice to meet you again.

3. Would be grateful if you could briefly tell me what it is that you are finding and what steps you are taking to solve them. I understand that this means extra effort for you, but would seriously appreciate if you agree.

4. As per your instructions, I did the FRST thing, which went without a glitch.

5. However, the Zoek scan is stuck at a point (Check -> Firefox extensions) for the last two hours. I am not sure whether I should stop it or let it continue. Therefore, I have not been able to follow the rest of your instructions till now. I am writing this post from a different computer.

6. Please let me know how to proceed.

7. There is a major problem with net connectivity in our area (all the connections are very slow). Therefore, in case of an outage, I might have to go out of touch for a while. Please bear with me if that happens.

Thanks once more

Dey



#4 Oh My!

Posted 16 June 2016 - 08:34 AM

Greetings Dey and nice to work with you again.

There are a few questionable files we are removing plus some orphaned entries.

Skip Zoek and run RogueKiller.
Gary

#5 troubledsoul

Posted 16 June 2016 - 12:42 PM

Hi

1. Had to skip Zoek by forcibly shutting down the machine. Finished the other steps.

2. The problem still persists.

3. All logs pasted / attached below.

4. RogueKiller is detecting Trojans for AutoRunEater. I have been running this program for a long time now. After seeing the scan results, I ran these two files through Jotti. 3 AV engines detected something while others did not (see attached picture). Is there a possibility of this being a false positive?

Regards

Dey

Fix result of Farbar Recovery Scan Tool (x86) Version:15-06-2016
Ran by SD (2016-06-16 12:09:18) Run:4
Running from C:\Users\SD\Desktop
Loaded Profiles: SD (Available Profiles: SD)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
(Google Inc.) C:\Users\SD\AppData\Local\Temp\GUM387D.tmp
(Google Inc.) C:\Program Files\GUM67A7.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 ZAMSvc; "C:\Program Files\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
C:\Users\SD\AppData\Local\Temp\GURA38E.exe
2015-03-30 09:33 - 2015-03-30 09:37 - 0000000 _____ () C:\Users\SD\AppData\Local\{FE477C15-EB29-4FB4-B656-DD5B899261CF}
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\SD\AppData\Local\Temp\GUM387D.tmp
C:\Users\SD\AppData\Local\Temp\GUM387D.tmp => No running process found
C:\Program Files\GUM67A7.tmp
C:\Program Files\GUM67A7.tmp => No running process found
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
ZAMSvc => service removed successfully.
ZAM => service removed successfully.
ZAM_Guard => service removed successfully.
C:\Users\SD\AppData\Local\Temp\GURA38E.exe => moved successfully
C:\Users\SD\AppData\Local\{FE477C15-EB29-4FB4-B656-DD5B899261CF} => moved successfully
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:11:19 ====
 
RogueKiller V12.3.3.0 [Jun 13 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : SD [Administrator]
Started from : C:\Users\SD\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/16/2016 22:51:14
 
¤¤¤ Processes : 2 ¤¤¤
[VT.Win32.Trojan.WisdomEyes.151026.9950.9994] oldmcdonald.exe(2668) -- D:\Programs on D\Autorun Eater\oldmcdonald.exe[x] -> Found
[VT.Troj.W32.Autoit.lL9t] billy.exe(2720) -- D:\Programs on D\Autorun Eater\billy.exe[x] -> Found
 
¤¤¤ Registry : 11 ¤¤¤
[VT.Win32.Trojan.WisdomEyes.151026.9950.9994] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Autorun Eater : D:\Programs on D\Autorun Eater\oldmcdonald.exe [-] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.130 218.248.241.3 ([-][India])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.130 218.248.241.3 ([-][India])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.130 218.248.241.3 ([-][India])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2AE9FE49-4B41-43E2-9FE8-B4704FE984FE} | DhcpNameServer : 192.168.1.130 218.248.241.3 ([-][India])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7E28CD10-44DD-466C-8AC3-E7D7BDED979C} | DhcpNameServer : 192.168.1.130 218.248.241.3 8.8.8.8 ([-][India][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2AE9FE49-4B41-43E2-9FE8-B4704FE984FE} | DhcpNameServer : 192.168.1.130 218.248.241.3 ([-][India])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7E28CD10-44DD-466C-8AC3-E7D7BDED979C} | DhcpNameServer : 192.168.1.130 218.248.241.3 8.8.8.8 ([-][India][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2AE9FE49-4B41-43E2-9FE8-B4704FE984FE} | DhcpNameServer : 192.168.1.130 218.248.241.3 ([-][India])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7E28CD10-44DD-466C-8AC3-E7D7BDED979C} | DhcpNameServer : 192.168.1.130 218.248.241.3 8.8.8.8 ([-][India][-])  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1435187640-4071721805-2113652602-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 ATA Device +++++
--- User ---
[MBR] 8229733a2927b7a351070342b64519e2
[BSP] 2992bc401b7cf2544365ba84610581ea : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204800000 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 409600000 | Size: 276939 MB
User = LL1 ... OK
User = LL2 ... OK
 
System Update: Problem still persists.



#6 Oh My!

Posted 16 June 2016 - 02:07 PM

Yes that is a false positive.

Does this happen with all of your browsers? Are you having any other issues at all?
Gary

#7 troubledsoul

Posted 16 June 2016 - 10:59 PM

Yes, this is happening with my other browser (Mozilla Firefox) as well. Some of my other friends have reported this on Opera too.

My computer has been slow in general of late. Some programs (Foxit, MS Office etc) have had trouble in opening. The CPU is often running at 70-80%. Apart from that, there is nothing major that I can see. I was more worried whether this can lead to other breaches or not.

Regards

Dey



#8 Oh My!

Posted 17 June 2016 - 08:49 AM

Thank you,

Please do this.

===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • aswMBR log

Gary

#9 troubledsoul

Posted 17 June 2016 - 10:43 AM

Dear Gary

1. Thanks for your continued help.

2. I failed to run Combofix. The program downloaded without a hitch. I disabled my antivirus and double-clicked Combofix.exe. It extracted the files and backed up everything. Then there was a message saying that this version of Combofix has expired because the date is 17-06-2016. Then it said that the software would run with reduced functionality. I clicked OK. The program window vanished and the Combofix file on my desktop got automatically deleted. That's it. No response from the software after that.

3. As per your instructions, I did not run the other one.

Regards

Dey


Edited by troubledsoul, 17 June 2016 - 10:45 AM.


#10 Oh My!

Posted 17 June 2016 - 10:54 AM

Try to complete the Combofix steps in Safe Mode.
Gary

#11 troubledsoul

Posted 17 June 2016 - 11:33 AM

Can not run ComboFix even in Safe Mode. Same issue.



#12 Oh My!

Posted 17 June 2016 - 11:39 AM

Please do this.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

rkill.scr
rkill.com
rkill.exe

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • While in this state attempt to run Combofix
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RKill log
  • Combofix?

Gary

#13 troubledsoul

Posted 17 June 2016 - 11:54 AM

Was able to run Rkill properly. But was unable to run Combofix, even post Rkill. Same problem. As far as the message is concerned, it looks like a version issue. Is there an alternate safe location to download Combofix from?

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/17/2016 10:16:17 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\StartupMonitor.exe (PID: 4428) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/17/2016 10:20:03 PM
Execution time: 0 hours(s), 3 minute(s), and 46 seconds(s)


#14 troubledsoul

Posted 17 June 2016 - 11:56 AM

Sorry, made a mistake. Forgot to run RKill as an administrator. Do you want me to run it again?

Edit: I am on Win 7 and the Run as admin thing is for Vista. So I guess that I did not mess up after all!


Edited by troubledsoul, 17 June 2016 - 11:58 AM.


#15 Oh My!

Posted 17 June 2016 - 12:14 PM

Try to run aswMBR and then run/post fresh FRST and Addition logs.

Edited by Oh My!, 17 June 2016 - 12:14 PM.

Gary