Can't see HDD, get PUM.optional|NoDrives daily & ran FRST



#1 kelvinhanratty


Posted 21 March 2017 - 07:06 PM

Hi,

I'm not too technical, and have (for some months) been unable to access a 1TB hard disk with all my stored files (it was marked as J:) ... It doesn't appear in my computer.

I'd installed cybereason-ransomware, yet it always encounters an issue. Windows states that I need to enable the .NET 2.5 framework (or something like that). I try to activate this Windows feature, but it doesn't work. I keep getting a notification for FONDUE.exe, but don't understand what it means, so can't proceed.

Every day, MalwareBytes gives me a notification stating it's detected PUM.Optional|NoDrives (something like that!) and I quarantine it every time. Yet it keeps picking it up when it runs.

I am also unable to access Windows settings. Seeing another thread, it says to run FRST, and here are the log files; they don't mean anything to me. I've not selected the option to FIX on FRST, as I don't wish to do anything that might upset my computer further. I'd not closed open programs (aside from anti-virus - Bullguard), not sure whether this affects the results? Apologies for my ignorance.

Any help/further instruction you can provide is greatly appreciated.

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by kelvinhanratty (administrator) on KELVIN_MAIN_I7 (21-03-2017 23:11:56)
Running from C:\Users\kelvinhanratty\AppData\Local\Temp\scoped_dir8628_11194
Loaded Profiles: kelvinhanratty (Available Profiles: kelvinhanratty)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\MSI\OTPService\OTPService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pushbullet Inc) C:\Users\kelvinhanratty\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\kelvinhanratty\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Evernote) C:\Program Files (x86)\Evernote\Skitch\Skitch.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-03] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1519384 2017-03-01] (BullGuard Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-10] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [Google Update] => C:\Users\kelvinhanratty\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [GoogleChromeAutoLaunch_33BB91A5A9C4FC153C9E8E292279F8BF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [BgDelayStartup] => c:\program files\bullguard ltd\bullguard\BgDelayStartup.exe [123672 2017-03-01] (BullGuard Ltd.)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [f.lux] => C:\Users\kelvinhanratty\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Run: [Spotify] => C:\Users\kelvinhanratty\AppData\Roaming\Spotify\Spotify.exe [7114352 2017-03-14] (Spotify Ltd)
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\MountPoints2: {7502a317-5fe0-11e2-be6d-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-03-01] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-03-01] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-03-01] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2016-09-04]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\kelvinhanratty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2016-09-11]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2016-12-22]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0FE714E1-5A62-4558-84DD-A2CE1BF0D338}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3825790C-B5D8-4F37-8D9A-66ED1E901222}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3941133293-2002617813-2197103628-1002 -> DefaultScope {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = 
SearchScopes: HKU\S-1-5-21-3941133293-2002617813-2197103628-1002 -> {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-22] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-22] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3941133293-2002617813-2197103628-1002 -> is enabled.
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: p931pc4x.default-1410077907372
FF ProfilePath: C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372 [2017-03-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372 -> DuckDuckGo
FF Session Restore: Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372 -> is enabled.
FF Extension: (German Dictionary (de-DE), classical spelling standards) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\alterechtschreibung@googlemail.com [2015-08-25] [not signed]
FF Extension: (German Dictionary) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-21]
FF Extension: (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\de_DE@dicts.j3e.de [2017-03-12]
FF Extension: (British English Dictionary (Updated)) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\en-gb@flyingtophat.co.uk [2015-01-06] [not signed]
FF Extension: (Dictionnaire français) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2017-02-03]
FF Extension: (Hootsuite Hootlet) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\hootsuite@hootsuite.com.xpi [2016-04-30]
FF Extension: (Pushbullet) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2017-01-08]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\langpack-de@firefox.mozilla.org.xpi [2017-01-31]
FF Extension: (English (GB) Language Pack) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-01-31]
FF Extension: (Français Language Pack) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\langpack-fr@firefox.mozilla.org.xpi [2017-01-31]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\marcoagpinto@mail.telepac.pt [2017-03-03]
FF Extension: (RescueTime) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\rescuetime_firefox@rescuetime.com.xpi [2016-06-30]
FF Extension: (ChatZilla) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-03-14]
FF Extension: (Procon Latte Content Filter) - C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2017-01-18]
FF SearchPlugin: C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\Firefox\Profiles\p931pc4x.default-1410077907372\searchplugins\youtube-video-search.xml [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: (BullGuard Safe Browsing) - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-08-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3941133293-2002617813-2197103628-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3941133293-2002617813-2197103628-1002: @talk.google.com/O1DPlugin -> C:\Users\kelvinhanratty\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3941133293-2002617813-2197103628-1002: @tools.google.com/Google Update;version=3 -> C:\Users\kelvinhanratty\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3941133293-2002617813-2197103628-1002: @tools.google.com/Google Update;version=9 -> C:\Users\kelvinhanratty\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kelvinhanratty\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\kelvinhanratty\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2","hxxp://www.facebook.com/","hxxps://personal.co-operativebank.co.uk/CBIBSWeb/start.do","hxxp://en.wikipedia.org/wiki/Special:Randompage","hxxp://wordsmith.org/words/random.cgi","hxxp://fr.yahoo.com/","hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ","hxxp://uk.mg41.mail.yahoo.com/dc/launch","hxxp://www.google.com","hxxp://www.google.com/ig","hxxp://www.yahoo.com/","hxxp://www.google.com/reader/play/","hxxp://www.google.co.uk/ig"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default [2017-03-21]
CHR Extension: (Google Translate) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
CHR Extension: (Google Calendar - 21 – 27 Nov 2015) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpmmcdejmgfbkoaficklhbbgnggpema [2015-11-21]
CHR Extension: (Clipboard) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdkbjaecenbhbgjjocbjdjecfnignmj [2013-04-24]
CHR Extension: (Awesome Screenshot App) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi [2015-01-07]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicjkkmjijnlncpkailhjcdfkechjbpl [2015-03-18]
CHR Extension: (Write Space) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-04-29]
CHR Extension: (No Name) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-05-08]
CHR Extension: (reddit) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbjdcdemclgpcafgdehfmmakkhnopen [2013-04-24]
CHR Extension: (FollowUp.cc for Gmail) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\annoaihhfdegphdkkkbahheignkgigpd [2017-01-25]
CHR Extension: (Lucidchart Diagrams) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2017-02-27]
CHR Extension: (Google Drive) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcippchgndagljinjmfoebjjpphlokjh [2015-11-01]
CHR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2016-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-29]
CHR Extension: (Todoist for Chrome) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2016-05-10]
CHR Extension: (Hootsuite Hootlet) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-10-14]
CHR Extension: (DuckDuckGo Search) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-03-20]
CHR Extension: (YouTube) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Facebook) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-04-24]
CHR Extension: (Adblock Plus) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Pushbullet) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-31]
CHR Extension: (Todoist for Gmail) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgenfnodoocmhnlnpknojdbjjnmecff [2016-09-17]
CHR Extension: (Google Search) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Save to Drive) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoibeabfchdpckcmamaadeccohilbkp [2013-04-24]
CHR Extension: (FLIXPICKER - Find best Movies and TV Shows) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfhhaffkfckcjcjeoemhjocccdeicidi [2016-01-15]
CHR Extension: (Google+) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-09]
CHR Extension: (Multicolumn for Feedly) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\edblpojghnkfnoonkkbefcbeejhbcbhp [2014-10-14]
CHR Extension: (MindMup Desktop - Free Mind Mapping) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\eealagocaipaflcjmeapmobpmilffopi [2015-02-04]
CHR Extension: (Tabs Outliner) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-06-06]
CHR Extension: (Gmail Offline) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-01-31]
CHR Extension: (Google Calendar) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-25]
CHR Extension: (Box) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-05-08]
CHR Extension: (Add to Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\engmocckoohpopiacajolojeobefbcec [2017-01-25]
CHR Extension: (Invite All (for Facebook)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2016-06-24]
CHR Extension: (Chromello for Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fconmkoajclilefnnpmfkcpfbicnppkj [2015-04-24]
CHR Extension: (Wayback Machine) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2017-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Pinterest Save Button) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-02-27]
CHR Extension: (Ultimello, the features pack for Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2016-12-18]
CHR Extension: (G.lux) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinolicfmhnjadpggledmhnffommefaf [2017-02-17]
CHR Extension: (feedly) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-09-17]
CHR Extension: (Vimeo Couch Mode) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2013-04-24]
CHR Extension: (Hush - private bookmarking) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2017-03-20]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2017-03-19]
CHR Extension: (Google Keep - notes and lists) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-21]
CHR Extension: (Dropbox) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-07-05]
CHR Extension: (Extensity) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg [2017-02-17]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-04-02]
CHR Extension: (WordPress.com) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2013-04-24]
CHR Extension: (Google Docs Viewer (by Google)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkjmcfdcdbbkdacicmpokoddagejpknh [2013-04-24]
CHR Extension: (Hootsuite) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-07-18]
CHR Extension: (Google Play) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-14]
CHR Extension: (StayFocusd) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-11-11]
CHR Extension: (Evernote Web) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-11]
CHR Extension: (Fix Hootsuite Ext) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\libkeepfhbgiamhpajlgfcoljimloknk [2016-07-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-09]
CHR Extension: (Google Maps) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-04]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-05-10]
CHR Extension: (CardCounter for Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\miejdnaildjcmahbhmfngfdoficmkdhi [2016-07-15]
CHR Extension: (Pocket) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-22]
CHR Extension: (feedly) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2016-09-17]
CHR Extension: (Save to Pocket) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (GMail to Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oceoildfbiaeclndnjknjpfaoofeekgl [2017-03-19]
CHR Extension: (Adblock Pro) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-14]
CHR Extension: (Kanban WIP for Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekefjibcnongmmmmkdiofgeppfkmdii [2015-03-31]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2017-03-19]
CHR Extension: (Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oflhioojkbelepjlnafgmgkkjhojphcg [2015-03-23]
CHR Extension: (Assignments (by Hootsuite)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfcehdaekhnbkojcnjijopkecldfdcm [2014-11-11]
CHR Extension: (Pin Search Image Search on Pinterest) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm [2014-03-11]
CHR Extension: (vTabs) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpnlgbgcfchbicbhjmmhldhkbkfilce [2017-02-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-17]
CHR Extension: (Gmail) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Slim Lists for Trello) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlejgbmijmafmobaofcgblpdbkaodod [2015-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-20]
CHR Extension: (Checker Plus for Google Drive™) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppfmbnpgflleackdcojndfgpiboghga [2017-03-12]
CHR Profile: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-01-15]
CHR Profile: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-01-15]
CHR Extension: (Google Slides) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-18]
CHR Extension: (Google Docs) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-18]
CHR Extension: (Google Drive) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18]
CHR Extension: (YouTube) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18]
CHR Extension: (Google Search) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18]
CHR Extension: (Google Sheets) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-18]
CHR Extension: (Gmail) - C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-18]
CHR Profile: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-15]
CHR HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2016-02-22]
OPR Extension: (Hootsuite Hootlet) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-10-14]
OPR Extension: (Add to Trello) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\engmocckoohpopiacajolojeobefbcec [2017-01-25]
OPR Extension: (Chromello for Trello) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\fconmkoajclilefnnpmfkcpfbicnppkj [2016-02-22]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2016-12-23]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2015-10-04]
OPR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\jacmgnhcnfdmjdkdlfndaccecdegacba [2016-08-15]
OPR Extension: (Extensity) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjmflmamggggndanpgfnpelongoepncg [2017-02-20]
OPR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-04-02]
OPR Extension: (Download Chrome Extension) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2017-02-20]
OPR Extension: (Noisli) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\klejemegaoblahjdpcajmpcnjjmkmkkf [2017-03-12]
OPR Extension: (StayFocusd) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-02-22]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2016-11-02]
OPR Extension: (Pinterest) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\objncbokngchniifnaijjjilieiahogg [2014-02-21]
OPR Extension: (Adblock Plus) - C:\Users\kelvinhanratty\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1542936 2017-03-01] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [704792 2017-03-01] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [185112 2017-03-01] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [487192 2017-03-01] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [821528 2017-03-01] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5797144 2017-03-01] (BullGuard Ltd.)
R2 BsMain; c:\program files\bullguard ltd\bullguard\bsmain.dll [661272 2017-03-01] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2017-03-01] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2017-03-01] (BullGuard Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-01-16] (Creative Labs) [File not signed]
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13312 2017-01-09] (Cybereason) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSI_OTPService; C:\Program Files (x86)\MSI\OTPService\OTPService.exe [252432 2011-12-09] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-15] (IBM Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFW; C:\WINDOWS\system32\DRIVERS\afw.sys [52912 2015-06-17] (Agnitum Ltd.)
R3 afwcore; C:\WINDOWS\system32\DRIVERS\afwcore.sys [465072 2015-06-17] (Agnitum Ltd.)
R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2016-09-20] (BullGuard Ltd.)
R3 BdNet; C:\WINDOWS\System32\drivers\BdNet.sys [51856 2015-10-15] (BullGuard Ltd.)
R1 BdSpy; C:\WINDOWS\System32\drivers\BdSpy.sys [94952 2015-10-15] (BullGuard Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-03-03] ()
S3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTKVHD64.sys [4740456 2012-02-06] () [File not signed]
R0 MBAMChameleon; C:\WINDOWS\System32\drivers\MBAMChameleon.sys [186304 2017-03-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-21] (Malwarebytes)
R1 NovaShieldFilterDriver; C:\WINDOWS\System32\DRIVERS\NSKernel.sys [276144 2016-07-27] (BullGuard Ltd.)
R4 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2015-01-08] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-12-15] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [289656 2014-12-15] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [534104 2014-12-15] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-12-15] (IBM Corp.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2016-04-14] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-21 23:11 - 2017-03-21 23:11 - 00000000 ___DC C:\FRST
2017-03-21 23:08 - 2017-03-21 23:11 - 02424832 _____ (Farbar) C:\Users\kelvinhanratty\Desktop\FRST64.exe
2017-03-21 10:25 - 2017-03-21 10:25 - 00525079 _____ C:\Users\VlWX\derive-aristotle-under.xlsx
2017-03-21 10:25 - 2017-03-21 10:25 - 00522750 _____ C:\Users\Akxrbn\someone_formerly.xlsx
2017-03-21 10:25 - 2017-03-21 10:25 - 00214964 _____ C:\Users\Akxrbn\johnniehorizontalmealsastonish.mdb
2017-03-21 10:25 - 2017-03-21 10:25 - 00213137 _____ C:\Users\VlWX\windowgently.mdb
2017-03-21 10:25 - 2017-03-21 10:25 - 00068103 _____ C:\Users\Akxrbn\prohibit_offer_comb.xls
2017-03-21 10:25 - 2017-03-21 10:25 - 00066655 _____ C:\Users\VlWX\individuals-coating-temple-tent.xls
2017-03-21 10:25 - 2017-03-21 10:25 - 00054922 _____ C:\Users\VlWX\surprise-driving-regiment-woodruff.pem
2017-03-21 10:25 - 2017-03-21 10:25 - 00051336 _____ C:\Users\Akxrbn\ovd4yaxag8Cz.pem
2017-03-21 10:25 - 2017-03-21 10:25 - 00030007 _____ C:\Users\VlWX\continuous democracy.txt
2017-03-21 10:25 - 2017-03-21 10:25 - 00025264 _____ C:\Users\Akxrbn\faction civilization.sql
2017-03-21 10:25 - 2017-03-21 10:25 - 00021349 _____ C:\Users\Akxrbn\VWOGRP.txt
2017-03-21 10:25 - 2017-03-21 10:25 - 00018691 _____ C:\Users\VlWX\vacation routine adjacent.sql
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 __SHD C:\Users\kelvinhanratty\Desktop\ This folder protects against Ransomware. Just leave it here
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___HD C:\Users\VlWX
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___HD C:\Users\Akxrbn
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___DC C:\Xconfig14
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___DC C:\Aoorganized140
2017-03-20 19:55 - 2017-03-20 19:57 - 00000000 ____D C:\Users\kelvinhanratty\Desktop\IGOR
2017-03-14 22:25 - 2017-03-04 08:01 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-14 22:25 - 2017-03-04 07:59 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-14 22:25 - 2017-03-04 07:48 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-14 22:25 - 2017-03-04 07:44 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-03-14 22:25 - 2017-03-04 07:31 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-14 22:25 - 2017-03-04 07:05 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-14 22:25 - 2017-03-04 06:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-03-14 22:25 - 2017-03-04 06:26 - 15259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-14 22:25 - 2017-03-04 06:25 - 03241984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-14 22:25 - 2017-03-04 06:12 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-14 22:25 - 2017-03-04 04:18 - 20281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-03-14 22:25 - 2017-03-02 18:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-14 22:25 - 2017-03-02 17:55 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-14 22:25 - 2017-03-02 17:49 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-03-14 22:25 - 2017-03-02 17:25 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-14 22:25 - 2017-03-02 17:22 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-14 22:25 - 2017-03-02 17:19 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-03-14 22:25 - 2017-03-02 17:11 - 13654528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-14 22:25 - 2017-03-02 16:53 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-14 22:25 - 2017-03-02 16:50 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-14 22:25 - 2017-02-11 05:12 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-03-14 22:25 - 2017-02-11 05:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-03-14 22:25 - 2017-02-11 05:00 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-03-14 22:25 - 2017-02-11 04:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-03-14 22:25 - 2017-02-11 04:56 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-14 22:25 - 2017-02-10 19:09 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-03-14 22:25 - 2017-02-10 05:10 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-03-14 22:25 - 2017-02-10 05:09 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-03-14 22:25 - 2017-02-10 05:08 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-03-14 22:25 - 2017-02-10 05:01 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-03-14 22:25 - 2017-02-10 05:00 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-03-14 22:25 - 2017-02-10 04:59 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-03-14 22:25 - 2017-02-04 20:32 - 07444832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-14 22:24 - 2017-03-04 07:45 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-03-14 22:24 - 2017-03-04 06:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-03-14 22:24 - 2017-03-02 16:50 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-03-14 22:24 - 2017-02-11 19:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-14 22:24 - 2017-02-10 05:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-03-14 22:24 - 2017-02-10 01:31 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-14 22:24 - 2017-02-10 00:12 - 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-03-14 22:24 - 2017-02-09 15:28 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-14 22:24 - 2017-02-09 15:19 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-14 22:24 - 2017-02-09 15:16 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-14 22:24 - 2017-02-09 15:16 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-03-14 22:24 - 2017-02-09 14:59 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-14 22:24 - 2017-02-09 14:58 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-14 22:24 - 2017-02-09 14:58 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-14 22:24 - 2017-02-04 20:30 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-14 22:24 - 2017-02-04 20:30 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-14 22:24 - 2017-02-04 20:30 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-14 22:24 - 2017-02-04 20:30 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-14 22:24 - 2017-02-04 19:32 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-03-14 22:24 - 2017-02-04 19:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-03-14 22:24 - 2017-02-04 18:14 - 01001472 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-03-14 22:24 - 2017-02-04 17:50 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-14 22:24 - 2017-02-04 17:40 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-14 22:24 - 2017-02-04 17:32 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-03-14 22:24 - 2017-02-04 17:17 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-14 22:24 - 2017-02-04 17:10 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-14 22:24 - 2017-02-04 17:05 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-14 22:24 - 2017-01-21 21:37 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-14 22:24 - 2017-01-21 19:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-03-14 22:24 - 2017-01-21 19:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2017-03-14 22:24 - 2017-01-21 19:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-14 22:24 - 2017-01-21 19:20 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-14 22:24 - 2017-01-21 18:40 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-03-14 22:24 - 2017-01-21 18:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2017-03-14 22:24 - 2017-01-21 18:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-03-14 22:24 - 2017-01-21 17:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-03-14 22:24 - 2017-01-21 17:48 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-14 22:24 - 2017-01-14 17:49 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-03-14 22:24 - 2017-01-11 19:37 - 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-14 22:24 - 2017-01-10 19:08 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-14 22:24 - 2017-01-05 18:20 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-14 22:24 - 2017-01-05 18:09 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-03-14 22:24 - 2017-01-05 17:36 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-14 22:24 - 2017-01-05 17:29 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-03-14 22:24 - 2017-01-05 17:13 - 07796224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-14 22:24 - 2017-01-05 16:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-14 22:24 - 2016-11-09 19:22 - 00681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-03-14 22:16 - 2017-02-23 14:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-14 22:16 - 2017-02-22 14:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-14 22:16 - 2017-02-22 14:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-14 13:01 - 2017-03-14 13:01 - 00276176 _____ (Spotify Ltd) C:\Users\kelvinhanratty\Desktop\SpotifySetup.exe
2017-03-03 13:28 - 2017-03-03 13:28 - 00232692 _____ C:\Users\kelvinhanratty\Desktop\2017-03-03 windows crapping about.txt
2017-03-03 13:24 - 2017-03-03 13:24 - 00009587 _____ C:\Users\kelvinhanratty\Desktop\energy bill calculation.xlsx
2017-03-02 14:03 - 2017-03-02 14:03 - 00001129 _____ C:\Users\kelvinhanratty\Desktop\malwarebytes summary 2017-03-02-1402.txt
2017-03-02 14:02 - 2017-03-02 14:02 - 00000000 ____D C:\Users\kelvinhanratty\Desktop\Malware Bytes
2017-03-01 14:26 - 2017-03-01 14:26 - 00003992 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2017-03-01 14:26 - 2017-03-01 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-03-01 10:43 - 2017-03-01 10:43 - 00171192 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BgGamingMonitor.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00152128 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BgGamingMonitor.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00076568 _____ (BullGuard Ltd.) C:\WINDOWS\system32\BGLsp.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00061720 _____ (BullGuard Ltd.) C:\WINDOWS\SysWOW64\BGLsp.dll
2017-02-27 16:20 - 2017-03-01 14:26 - 00003098 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2017-02-26 13:38 - 2017-03-10 15:04 - 00000000 ____D C:\Users\kelvinhanratty\Desktop\Richard
2017-02-24 00:49 - 2017-01-18 14:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-24 00:49 - 2017-01-18 14:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-02-24 00:49 - 2017-01-18 14:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-02-24 00:49 - 2017-01-18 14:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-02-24 00:49 - 2017-01-18 14:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-02-24 00:49 - 2017-01-18 14:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-20 15:55 - 2017-02-20 15:55 - 07058526 _____ C:\Users\kelvinhanratty\Desktop\new-ways-of-seeing-fb.pdf
2017-02-20 11:20 - 2017-02-20 11:20 - 00001223 _____ C:\Users\kelvinhanratty\Desktop\2017-02-20 TEXT.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-21 23:11 - 2014-01-10 15:15 - 00000356 _____ C:\WINDOWS\system32\config\afw_hm.conf
2017-03-21 23:11 - 2014-01-10 15:15 - 00000004 _____ C:\WINDOWS\system32\config\afw_db.conf
2017-03-21 23:11 - 2013-01-16 13:27 - 00000000 ____D C:\ProgramData\BullGuard
2017-03-21 22:59 - 2014-10-04 12:49 - 00003986 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F0D7A76-1559-42CB-8CFD-C6A07224D869}
2017-03-21 20:29 - 2017-01-25 19:20 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-21 10:47 - 2013-03-09 09:54 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\Skitch
2017-03-21 10:25 - 2014-01-10 16:46 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-03-21 05:11 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-20 21:46 - 2013-11-14 12:45 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-20 21:46 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-20 10:25 - 2015-03-24 15:07 - 01460736 ___SH C:\Users\kelvinhanratty\Desktop\Thumbs.db
2017-03-19 22:44 - 2017-01-25 21:31 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\CrashDumps
2017-03-19 22:39 - 2013-03-25 21:21 - 00000000 ___RD C:\Users\kelvinhanratty\Google Drive
2017-03-19 22:38 - 2015-11-14 14:05 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\Pushbullet
2017-03-18 10:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2017-03-18 10:26 - 2017-01-25 19:20 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-18 10:26 - 2017-01-25 19:20 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-18 10:26 - 2017-01-25 19:19 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-18 10:25 - 2017-01-25 19:19 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-18 10:25 - 2014-01-10 15:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-18 10:25 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-18 10:23 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-17 21:52 - 2017-01-25 21:31 - 00000000 ____D C:\Users\kelvinhanratty\Desktop\Benefits
2017-03-16 19:10 - 2012-07-26 07:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-16 19:01 - 2017-01-29 13:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-16 04:46 - 2013-08-22 15:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 04:15 - 2014-12-14 00:25 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-15 04:15 - 2013-07-17 02:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 04:11 - 2013-03-04 00:13 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-14 21:24 - 2016-01-15 00:38 - 00000000 ____D C:\Program Files\CCleaner
2017-03-14 19:07 - 2015-02-08 13:16 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\Spotify
2017-03-14 18:58 - 2017-01-05 12:01 - 00000000 ____D C:\Users\kelvinhanratty\AppData\LocalLow\Mozilla
2017-03-14 18:33 - 2015-02-08 13:16 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Roaming\Spotify
2017-03-14 16:30 - 2015-07-25 17:53 - 00004456 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-14 16:30 - 2015-07-25 17:53 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-14 16:30 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-14 16:30 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-14 13:22 - 2013-01-21 23:58 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3941133293-2002617813-2197103628-1002
2017-03-14 13:03 - 2015-02-08 13:16 - 00001910 _____ C:\Users\kelvinhanratty\Desktop\Spotify.lnk
2017-03-14 13:03 - 2015-02-08 13:16 - 00001896 _____ C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-03-12 13:27 - 2015-03-19 18:55 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Roaming\Slack
2017-03-12 13:27 - 2013-03-04 08:32 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Roaming\vlc
2017-03-10 04:34 - 2016-12-17 09:37 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 04:34 - 2016-12-17 09:37 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 17:16 - 2015-03-19 18:55 - 00002233 _____ C:\Users\kelvinhanratty\Desktop\Slack.lnk
2017-03-09 17:16 - 2015-03-19 18:55 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-03-09 17:16 - 2015-03-19 18:54 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\slack
2017-03-09 17:14 - 2015-03-19 02:33 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\SquirrelTemp
2017-03-04 09:08 - 2013-08-04 03:24 - 00001094 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-03-03 17:24 - 2017-01-25 19:19 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-03 09:00 - 2013-01-27 00:35 - 00000000 ____D C:\Users\kelvinhanratty\AppData\Local\ElevatedDiagnostics
2017-03-03 06:38 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-03 06:32 - 2012-11-24 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-03 01:08 - 2013-04-23 00:59 - 00000000 ____D C:\Temp
2017-03-01 17:31 - 2014-06-03 14:06 - 00003858 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1379003573
2017-03-01 17:31 - 2013-09-12 16:32 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-01 17:31 - 2013-09-12 16:32 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-22 21:25 - 2016-12-10 16:49 - 00003202 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 21:25 - 2016-04-22 14:57 - 00002381 _____ C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-02-22 21:25 - 2014-02-20 01:56 - 00003210 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3941133293-2002617813-2197103628-1002
2017-02-22 21:24 - 2014-02-10 00:43 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-20 14:32 - 2017-02-16 11:27 - 00000000 ____D C:\Users\kelvinhanratty\Desktop\Islington Mill Prints
2017-02-20 11:25 - 2013-03-03 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2014-05-22 20:02 - 2014-05-22 20:02 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-08-10 20:10 - 2015-08-10 20:10 - 13545694 _____ () C:\Users\kelvinhanratty\AppData\Local\package.nw.new
2015-03-19 00:45 - 2015-03-19 00:45 - 0001481 _____ () C:\Users\kelvinhanratty\AppData\Local\recently-used.xbel
2014-05-04 08:53 - 2014-05-04 08:53 - 0002682 _____ () C:\Users\kelvinhanratty\AppData\Local\recently-used.xbel.Z0KLFX
2013-03-18 17:09 - 2013-03-18 17:09 - 0007627 _____ () C:\Users\kelvinhanratty\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-18 10:36
 

==================== End of FRST.txt ============================

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by kelvinhanratty (21-03-2017 23:14:16)
Running from C:\Users\kelvinhanratty\AppData\Local\Temp\scoped_dir8628_11194
Windows 8.1 (Update) (X64) (2014-01-10 16:46:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3941133293-2002617813-2197103628-500 - Administrator - Disabled)
Guest (S-1-5-21-3941133293-2002617813-2197103628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3941133293-2002617813-2197103628-1006 - Limited - Enabled)
kelvinhanratty (S-1-5-21-3941133293-2002617813-2197103628-1002 - Administrator - Enabled) => C:\Users\kelvinhanratty
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: BullGuard Antivirus (Enabled - Up to date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: BullGuard Antispyware (Enabled - Up to date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Disabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Amazon Kindle) (Version:  - Amazon)
BullGuard (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Cybereason RansomFree 2.2.5.1 (HKLM-x32\...\{293377E6-76A1-43A8-9AF3-77AE0124F9FF}) (Version: 2.2.5.1 - Cybereason Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dropbox (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
f.lux (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Flux) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2074 - Microsoft Corporation) Hidden
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
OTPService (HKLM-x32\...\{B05F7750-8800-4520-9732-9C841246C8E2}_is1) (Version: 1.0.002 - MSI)
Popcorn Time (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATTENTION
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Rapport (x32 Version: 3.5.1404.37 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
RescueTime 2.12.3.1430 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
Slack (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\slack) (Version: 2.5.1 - Slack Technologies)
Spotify (HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.00 - Creative Technology Limited)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.37 - Trusteer)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09F035F6-DF94-49E8-B79C-5FC5B1C17BEF} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {1A15E486-0A29-4A23-8250-1F3C9777D81A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {3E36EC7E-4CA7-443B-BD55-226C16F646EA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3941133293-2002617813-2197103628-1002UA => C:\Users\kelvinhanratty\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4576C8D9-D03F-47DD-863F-165D4A77D1C9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {52B7AB36-7623-4EDE-A525-E781BDA38154} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {57AD33AC-BD7A-46B8-BDA7-67F46140F677} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2017-03-01] (BullGuard Ltd.)
Task: {5C3CEE37-7CA9-4BAF-844F-433C7156D580} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {5DF9CBD4-8075-4CA8-AC01-DBB158FF58FF} - \Start Registry Reviver for Kelvin_main_i7@kelvinhanratty(logon) -> No File <==== ATTENTION
Task: {64223E62-9B9F-4910-85FF-72CEC5CC57FF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {72F0A653-B69D-4EEE-BD3C-93EC98F5C465} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-09] (Cybereason)
Task: {7B2B8510-4DAA-4C5C-AB57-0AAA0B6EF136} - System32\Tasks\{0CAFA76D-882C-479B-B262-A45B3C27DBF2} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_115_pepper.exe -c -maintain pepperplugin
Task: {7C5E313C-9C4C-4093-93F6-A038FE8B5C7B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-15] (Microsoft Corporation)
Task: {853C5069-BF88-4E1B-B306-559FA653E3C0} - System32\Tasks\Opera scheduled Autoupdate 1379003573 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {AF70FEBB-F6DD-4FBB-8526-D8157BEBBD67} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3941133293-2002617813-2197103628-1002Core => C:\Users\kelvinhanratty\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D3F01752-CB2E-4453-8539-76A86DD5EA42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E5B8B6F5-589B-44FC-A9EC-BBB269586096} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {F9F053FE-B227-4C47-B3BA-64EEE4BFC224} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_oflhioojkbelepjlnafgmgkkjhojphcg\Trello.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oflhioojkbelepjlnafgmgkkjhojphcg
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kneloppijbcidgidihgdjnooihjcdbij\Hootsuite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kneloppijbcidgidihgdjnooihjcdbij
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_khjnjifipfkgglficmipimgjpbmlbemd\WordPress.com.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=khjnjifipfkgglficmipimgjpbmlbemd
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hipbfijinpcgfogaopmgehiegacbhmob\feedly.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hipbfijinpcgfogaopmgehiegacbhmob
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejnkaeblpdcamcioiiabclakabcbjmbl\Box.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ejnkaeblpdcamcioiiabclakabcbjmbl
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejjicmeblgpmajnghnpcppodonldlgfn\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ejjicmeblgpmajnghnpcppodonldlgfn
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_coobgpohoikkiipiblmjeljniedjpjpf\Google Search.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=coobgpohoikkiipiblmjeljniedjpjpf
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_bcippchgndagljinjmfoebjjpphlokjh\Trello.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bcippchgndagljinjmfoebjjpphlokjh
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aimodnlfiikjjnmdchihablmkdeobhad\Write Space.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aimodnlfiikjjnmdchihablmkdeobhad
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Store.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ahfgeienlihckogmohjhadlkjgocpleb
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_abpmmcdejmgfbkoaficklhbbgnggpema\Google Calendar - 21 – 27 Nov 2015.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=abpmmcdejmgfbkoaficklhbbgnggpema
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Calendar - 21 – 27 Nov 2015.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=abpmmcdejmgfbkoaficklhbbgnggpema
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Todoist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\kelvinhanratty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Calendar - 21 – 27 Nov 2015.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=abpmmcdejmgfbkoaficklhbbgnggpema
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-10 15:11 - 2016-12-29 12:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2017-03-01 10:43 - 2017-03-01 10:43 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2013-01-16 13:25 - 2011-12-09 10:15 - 00252432 _____ () C:\Program Files (x86)\MSI\OTPService\OTPService.exe
2017-01-25 19:19 - 2017-03-03 17:24 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-25 19:19 - 2017-03-03 17:24 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-02 12:55 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-11-14 21:32 - 2013-11-14 21:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-02-06 20:30 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:30 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-12-16 20:03 - 2016-12-16 20:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2013-08-07 19:25 - 2013-08-07 19:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-11-14 21:31 - 2013-11-14 21:31 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-10-17 15:40 - 2013-10-17 15:40 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-10-17 15:42 - 2013-10-17 15:42 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-11-14 21:34 - 2013-11-14 21:34 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2016-05-12 05:49 - 2016-05-12 05:49 - 00172032 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c1f17d528a3d64660628517be5ee379c\IsdiInterop.ni.dll
2013-01-16 13:24 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2017-03-19 22:38 - 2017-03-19 22:38 - 00098816 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32api.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00110080 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\pywintypes27.dll
2017-03-19 22:38 - 2017-03-19 22:38 - 00364544 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\pythoncom27.dll
2017-03-19 22:38 - 2017-03-19 22:38 - 00320512 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32com.shell.shell.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00914432 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_hashlib.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 01176576 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._core_.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00806400 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._gdi_.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00816128 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._windows_.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 01067008 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._controls_.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00733184 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._misc_.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00682496 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\pysqlite2._sqlite.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00088064 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_ctypes.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00686080 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\unicodedata.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00119808 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32file.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00108544 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32security.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00007168 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\hashobjs_ext.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00017920 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\thumbnails_ext.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00088064 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\usb_ext.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00012800 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\common.time34.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00018432 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32event.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00167936 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32gui.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00046080 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_socket.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 01303552 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_ssl.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00128512 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_elementtree.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00127488 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\pyexpat.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00038912 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32inet.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00036864 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_psutil_windows.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00524248 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\windows._lib_cacheinvalidation.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00011264 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32crypt.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00123392 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._wizard.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00077312 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._html2.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00027648 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_multiprocessing.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00020480 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\_yappi.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00035840 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32process.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00078848 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\wx._animate.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00024064 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32pipe.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00010240 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\select.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00025600 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32pdh.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00017408 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32profile.pyd
2017-03-19 22:38 - 2017-03-19 22:38 - 00022528 ____R () C:\Users\kelvinhanratty\AppData\Local\Temp\_MEI80442\win32ts.pyd
2017-03-01 17:30 - 2017-03-01 17:30 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-03-01 17:30 - 2017-03-01 17:30 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-03-01 17:30 - 2017-03-01 17:30 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-03-01 17:30 - 2017-03-01 17:30 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll
2015-11-12 21:30 - 2015-04-30 20:21 - 00011362 _____ () C:\Program Files (x86)\Evernote\Skitch\mingwm10.dll
2015-11-12 21:30 - 2015-04-30 20:21 - 00043008 _____ () C:\Program Files (x86)\Evernote\Skitch\libgcc_s_dw2-1.dll
2016-06-01 14:17 - 2016-06-01 14:17 - 00144832 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 02632640 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 02231744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00598976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00334784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 01265600 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00681408 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00089024 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00026560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00040384 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00044992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00242624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00026048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00025536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 14929344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00298944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 02680768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 05:26 - 2013-08-27 01:34 - 00000851 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^StartUp^Install LastPass FF RunOnce.lnk => C:\WINDOWS\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^StartUp^Install LastPass IE RunOnce.lnk => C:\WINDOWS\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: FeedDemon => "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized
MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\StartupFolder: => "EvernoteTray.lnk"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\Run: => "Yontoo Desktop"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\Run: => "Skitch"
HKU\S-1-5-21-3941133293-2002617813-2197103628-1002\...\StartupApproved\Run: => "SkyDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{075731E6-A4A6-4D86-9177-D38A25226104}] => (Allow) C:\Users\kelvinhanratty\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3F020C3E-CEC0-4573-8973-D5158E7A9739}] => (Allow) C:\Users\kelvinhanratty\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2DFF83DD-25B8-4888-978B-43B118826D9A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{CBDBD5E7-1F03-46FD-9275-CDC6D95B75C1}C:\users\kelvinhanratty\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kelvinhanratty\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{BB8B77BE-A81D-4D8A-B405-CC84D1657BAA}C:\users\kelvinhanratty\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kelvinhanratty\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38E62565-7F12-4D0A-A791-035B85884A92}C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DE1AE133-CE59-4DEA-83B5-2C7C383BE5BA}C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FFE8DD3A-09A5-4B5A-873C-9705A419AF7C}C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{09E3E87D-5BF2-47DF-8E1E-07A907723682}C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kelvinhanratty\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CA6F5DA7-0638-4864-89CF-7C915CDB8105}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A8602057-0DDD-4F17-9AE3-CB80B0661654}] => (Allow) LPort=1900
FirewallRules: [{C90C8F1A-9088-4C32-9B3C-8747133E9B07}] => (Allow) LPort=2869
FirewallRules: [{D752CB7E-8855-4482-8190-2194D7503CE6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{97ED00EB-B79A-4C14-9ABD-5468596218AE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{55A89666-E712-449E-B285-A7DF174F50AC}] => (Allow) C:\Users\kelvinhanratty\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{28396186-C4FE-4757-95F0-C6F27F411E20}] => (Allow) C:\Users\kelvinhanratty\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C20027AA-B649-4D82-BDAE-788731A7C1C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B52E279D-9D8A-4040-9FCF-96DCE2CDB2B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FC70C859-F37A-4D30-BBA3-BA5C90B1B40F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{1AA66A10-0569-4DD8-9402-549B1BBA8219}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{C6F9CCC8-195E-4DBD-9F09-91B34BFF0F2D}C:\users\kelvinhanratty\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\kelvinhanratty\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{4F163C74-053A-4F1B-9D21-5C4B7BD0EC0E}C:\users\kelvinhanratty\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\kelvinhanratty\appdata\local\popcorn time\nw.exe
FirewallRules: [{FD872EF6-1270-4041-B6A3-49FD6D9825FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EE67055-C2B0-4FC4-83CA-6F46E56B282F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{ADEE4656-7004-4A54-B06E-9158FC584DB0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{2646081B-A72A-465C-A705-9819B478E2D5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{8B1C821E-4DD9-4ECE-A5A1-416FD7C7F199}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1D622C98-AB9B-4B4E-9A74-CE519314B68C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AF265424-85AE-460C-A504-CE3547BD80D7}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{6FCF6C57-711F-4502-B165-8C48D9568F64}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
 
==================== Restore Points =========================
 
21-03-2017 05:06:32 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/21/2017 11:11:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (03/21/2017 11:11:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\kelvinhanratty\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/21/2017 11:11:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (03/21/2017 11:11:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\kelvinhanratty\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/21/2017 11:10:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (03/21/2017 11:10:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\kelvinhanratty\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/21/2017 11:10:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (03/21/2017 11:10:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\kelvinhanratty\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (03/21/2017 10:58:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KELVIN_MAIN_I7)
Description: Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/21/2017 10:25:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
 
System errors:
=============
Error: (03/21/2017 05:08:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AMZNMobileLLC.KindleforWindows8.
 
Error: (03/21/2017 05:08:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingFinance.
 
Error: (03/21/2017 05:07:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.WindowsReadingList.
 
Error: (03/21/2017 05:07:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingTravel.
 
Error: (03/21/2017 05:07:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Reader.
 
Error: (03/21/2017 05:07:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingFinance.
 
Error: (03/21/2017 05:07:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.HelpAndTips.
 
Error: (03/21/2017 05:07:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingFinance.
 
Error: (03/21/2017 05:07:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingMaps.
 
Error: (03/21/2017 05:07:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.WindowsScan.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 98%
Total physical RAM: 16328.84 MB
Available physical RAM: 323 MB
Total Virtual: 32657.67 MB
Available Virtual: 8425.37 MB
 
==================== Drives ================================
 
Drive a: (Windows8) (Network) (Total:92.26 GB) (Free:24.26 GB) NTFS
Drive c: (Windows8) (Fixed) (Total:92.26 GB) (Free:24.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (WinRE) (Fixed) (Total:19.53 GB) (Free:19.39 GB) NTFS
Drive j: (RED POETRY) (Removable) (Total:7.45 GB) (Free:4.24 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5E62EB16)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=92.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1920 KB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 5 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Chris Cosgrove, 21 March 2017 - 07:13 PM.
Moved from Win 8/8.1 to Virus, trojan, etc. logs




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,140 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:00 AM

Posted 22 March 2017 - 08:00 PM

Greetings kelvinhanratty and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 kelvinhanratty

kelvinhanratty
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 23 March 2017 - 06:28 AM

Thank you so much, I understand that you are busy and really appreciate the time and effort you're able to devote to this thread and helping me with my computer issue. Interestingly, MalwareBytes came up with a malware warning in its next scan after running FRST - screenshot attached.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/22/17
Scan Time: 2:20 AM
Logfile: MalwareBytes-adware-yontoo.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1563
License: Premium
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454892
Time Elapsed: 6 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Adware.Yontoo, HKLM\SOFTWARE\Tarma Installer, No Action By User, [2368], [382206],1.0.1563
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
Adware.Yontoo, C:\PROGRAMDATA\NTUSER.POL, No Action By User, [2368], [-1],0.0.0
Adware.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, No Action By User, [2368], [-1],0.0.0
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


Edited by kelvinhanratty, 23 March 2017 - 06:29 AM.
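
The Malwarebytes log in post #3 flags two Group Policy files, NTUSER.POL and REGISTRY.POL, and the topic is about a recurring NoDrives detection with a drive letter missing from Explorer. The following is an added example, not part of any post in this thread and not code from FRST or Malwarebytes: it parses the PReg format those policy files use and decodes a NoDrives bitmask into drive letters. The sample bytes are constructed, whether the poster's files hold such a value is an assumption, and `build_entry`, `SAMPLE` and the `Software\Policies\Example` key are illustrative names.

```python
import struct

REG_SZ, REG_DWORD = 1, 4
W = lambda s: s.encode("utf-16-le")  # Registry.pol text fields are UTF-16LE

def _expect(blob, pos, ch):
    if blob[pos:pos + 2] != W(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _wstr(blob, pos):
    end = pos
    while blob[end:end + 2] != b"\x00\x00":  # scan to the UTF-16 NUL terminator
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2

def _u32(blob, pos):
    if pos + 4 > len(blob):
        raise ValueError("truncated entry")
    return struct.unpack_from("<I", blob, pos)[0], pos + 4

def parse_registry_pol(blob):  # -> [(key, value, type, data)]
    version, pos = _u32(blob, 4)
    if blob[:4] != b"PReg" or version != 1:
        raise ValueError("not a version 1 PReg (Registry.pol) file")
    entries = []
    while pos < len(blob):
        pos = _expect(blob, pos, "[")
        key, pos = _wstr(blob, pos)
        value, pos = _wstr(blob, _expect(blob, pos, ";"))
        rtype, pos = _u32(blob, _expect(blob, pos, ";"))
        size, pos = _u32(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        if pos + size > len(blob):
            raise ValueError("data runs past end of file")
        data = blob[pos:pos + size]  # length-prefixed, so it may contain ';' or ']'
        entries.append((key, value, rtype, data))
        pos = _expect(blob, pos + size, "]")
    return entries

def hidden_drives(entries):  # NoDrives bitmask: bit 0 hides A:, bit 25 hides Z:
    hits = {}
    for key, value, rtype, data in entries:
        if value.lower() == "nodrives" and rtype == REG_DWORD and len(data) == 4:
            mask = struct.unpack("<I", data)[0]
            hits[key] = [chr(65 + bit) for bit in range(26) if mask >> bit & 1]
    return hits

def build_entry(key, value, rtype, data):  # only used to construct the sample
    return (W("[" + key + "\0;" + value + "\0;") + struct.pack("<I", rtype) + W(";")
            + struct.pack("<I", len(data)) + W(";") + data + W("]"))

EXPLORER = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SAMPLE = (b"PReg" + struct.pack("<I", 1)  # constructed sample, not from the thread
          + build_entry(EXPLORER, "NoDrives", REG_DWORD, struct.pack("<I", 0x200))
          + build_entry(r"Software\Policies\Example", "Note", REG_SZ, W("a;b]\0")))

print(hidden_drives(parse_registry_pol(SAMPLE)))
```

To inspect a real file, read a copy of it in binary mode and pass the bytes to `parse_registry_pol`; the parser only reads and never writes policy data.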


#4 Oh My!


Posted 23 March 2017 - 11:38 AM

Thank you for the information. Let's restrict ourselves to the steps I post so that we can stay in sync.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Popcorn Time

  • Reboot your computer
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Boot your computer into Safe Mode
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3941133293-2002617813-2197103628-1002 -> DefaultScope {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = 
SearchScopes: HKU\S-1-5-21-3941133293-2002617813-2197103628-1002 -> {58C42BA0-BBC6-4BCF-86E4-2D742DF462F9} URL = 
2017-03-21 10:25 - 2017-03-21 10:25 - 00525079 _____ C:\Users\VlWX\derive-aristotle-under.xlsx
2017-03-21 10:25 - 2017-03-21 10:25 - 00522750 _____ C:\Users\Akxrbn\someone_formerly.xlsx
2017-03-21 10:25 - 2017-03-21 10:25 - 00214964 _____ C:\Users\Akxrbn\johnniehorizontalmealsastonish.mdb
2017-03-21 10:25 - 2017-03-21 10:25 - 00213137 _____ C:\Users\VlWX\windowgently.mdb
2017-03-21 10:25 - 2017-03-21 10:25 - 00068103 _____ C:\Users\Akxrbn\prohibit_offer_comb.xls
2017-03-21 10:25 - 2017-03-21 10:25 - 00066655 _____ C:\Users\VlWX\individuals-coating-temple-tent.xls
2017-03-21 10:25 - 2017-03-21 10:25 - 00054922 _____ C:\Users\VlWX\surprise-driving-regiment-woodruff.pem
2017-03-21 10:25 - 2017-03-21 10:25 - 00051336 _____ C:\Users\Akxrbn\ovd4yaxag8Cz.pem
2017-03-21 10:25 - 2017-03-21 10:25 - 00030007 _____ C:\Users\VlWX\continuous democracy.txt
2017-03-21 10:25 - 2017-03-21 10:25 - 00025264 _____ C:\Users\Akxrbn\faction civilization.sql
2017-03-21 10:25 - 2017-03-21 10:25 - 00021349 _____ C:\Users\Akxrbn\VWOGRP.txt
2017-03-21 10:25 - 2017-03-21 10:25 - 00018691 _____ C:\Users\VlWX\vacation routine adjacent.sql
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 __SHD C:\Users\kelvinhanratty\Desktop\ This folder protects against Ransomware. Just leave it here
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___HD C:\Users\VlWX
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___HD C:\Users\Akxrbn
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___DC C:\Xconfig14
2017-03-21 10:25 - 2017-03-21 10:25 - 00000000 ___DC C:\Aoorganized140
Task: {5DF9CBD4-8075-4CA8-AC01-DBB158FF58FF} - \Start Registry Reviver for Kelvin_main_i7@kelvinhanratty(logon) -> No File <==== ATTENTION
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Device Cleanup Utility

--------------------
  • Detach all external USB hard drives or external storage devices
  • Download DeviceCleanup.zip and save it to your desktop
  • Unzip the folder to your desktop
  • You will see 2 folders, one named Win32 (for 32 bit) and the other x64 (for 64 bit)
  • Double click on the appropriate folder for your computer
  • Right click on the DriveCleanup.exe icon and select Run as administrator
  • Holding down the Shift key left click on every entry containing USB to highlight them all
  • Click Devices, then Remove selected
  • Reboot your computer
===================================================

Run a fresh FRST scan in Normal Boot and copy/paste both reports in your reply. If necessary use multiple posts.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Popcorn uninstall?
  • AdwCleaner log
  • Fixlog
  • Drive Cleanup run properly?
  • FRST and Addition logs
  • Update on computer performance

Edited by Oh My!, 26 March 2017 - 07:48 PM.

Gary
 

#5 Oh My!


Posted 26 March 2017 - 01:45 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#6 Oh My!


Posted 28 March 2017 - 07:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



