ProblemsRBad

Members
  • Content count: 639
  • Joined
  • Last visited
  • Time Online: 15d 15h 14m 44s

About ProblemsRBad

  • Rank: Member

Profile Information

  • OS: Windows 7

ProblemsRBad's Activity

  1. ProblemsRBad added a post in a topic [RESOLVED] My Win 7 laptop having issues   

    Thanks for your help, Broni. Laptop is not having connection issues anymore. Better now! :)
  2. ProblemsRBad added a post in a topic [RESOLVED] My Win 7 laptop having issues   

    All finished, here are the logs:
     
     Results of screen317's Security Check version 1.005  
     Windows 7 Service Pack 1 x64 (UAC is disabled!)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
     Windows Firewall Disabled!  
    Panda Antivirus Pro 2015   
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 51  
     Java version 32-bit out of Date!
     Adobe Flash Player 18.0.0.209  
     Mozilla Firefox 38.0.5 Firefox out of Date!  
     Google Chrome (43.0.2357.124)
     Google Chrome (43.0.2357.81)
    ````````Process Check: objlist.exe by Laurent````````  
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Malwarebytes Anti-Exploit mbae-svc.exe   
     Malwarebytes Anti-Malware mbamscheduler.exe   
     Malwarebytes Anti-Exploit mbae64.exe   
     Malwarebytes Anti-Exploit mbae.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
     
     
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
    Farbar Service Scanner Version: 17-01-2015
    Ran by Dan (administrator) on 22-07-2015 at 00:40:17
    Running from "C:\Users\Dan\Desktop"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****
     
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
    2015-02-05 01:16:12.851    Sophos Virus Removal Tool version 2.5.4
    2015-02-05 01:16:12.851    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-02-05 01:16:12.851    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-02-05 01:16:12.851    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-02-05 01:16:12.867    Checking for updates...
    2015-02-05 01:16:13.054    Update progress: proxy server not available
    2015-02-05 01:16:13.101    Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/6/e6/6e6087bca49211c42e89c6017d870664.xml
    2015-02-05 01:16:22.414    Option all = no
    2015-02-05 01:16:22.414    Option recurse = yes
    2015-02-05 01:16:22.414    Option archive = no
    2015-02-05 01:16:22.414    Option service = yes
    2015-02-05 01:16:22.414    Option confirm = yes
    2015-02-05 01:16:22.414    Option sxl = yes
    2015-02-05 01:16:22.414    Option max-data-age = 35
    2015-02-05 01:16:22.414    Option EnableSafeClean = yes
    2015-02-05 01:16:23.568    Option vdl-logging = yes
    2015-02-05 01:16:23.584    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-02-05 01:16:23.584    Machine ID:    9759d6f9cd9c4eff8f57e5f77e4dc7ea
    2015-02-05 01:16:23.615    Component SVRTcli.exe version 2.5.4
    2015-02-05 01:16:23.615    Component control.dll version 2.5.4
    2015-02-05 01:16:23.615    Component SVRTservice.exe version 2.5.4
    2015-02-05 01:16:23.615    Component engine\osdp.dll version 1.44.1.2183
    2015-02-05 01:16:23.615    Component engine\veex.dll version 3.58.3.2183
    2015-02-05 01:16:23.615    Component engine\savi.dll version 8.1.5.2183
    2015-02-05 01:16:23.615    Component rkdisk.dll version 1.5.30.0
    2015-02-05 01:16:23.631    Version info:    Product version    2.5.4
    2015-02-05 01:16:23.631    Version info:    Detection engine    3.58.3
    2015-02-05 01:16:23.631    Version info:    Detection data    5.10
    2015-02-05 01:16:23.631    Version info:    Build date    1/6/2015
    2015-02-05 01:16:23.631    Version info:    Data files added    342
    2015-02-05 01:16:23.631    Version info:    Last successful update    (not yet updated)
    2015-02-05 01:16:43.958    Couldn't apply option 'SXLLiveProtection' to the detection engine.
    2015-02-05 01:26:18.132    Could not open C:\hiberfil.sys
    2015-02-05 01:26:19.208    Could not open C:\pagefile.sys
    2015-02-05 01:33:12.757    >>> Virus 'Troj/Agent-AJTU' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll
    2015-02-05 01:33:12.757    >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-02-05 01:33:12.757    >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-02-05 01:33:12.757    >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-05 01:33:12.757    >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-05 01:33:12.757    >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-05 01:33:15.300    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-02-05 01:33:15.300    Disinfection not offered
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{57b416de-ac2c-11e4-b431-701a04d3c446}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{8339a8ed-a89c-11e4-b231-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{8c0326d5-a8d3-11e4-9322-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{8dd292e6-abd6-11e4-94d5-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{c9e81f3d-accc-11e4-b8fb-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:37:42.696    Could not open C:\System Volume Information\{dea885f8-ac8a-11e4-8b79-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-05 01:42:33.792    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-02-05 01:42:33.792    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-02-05 01:42:38.285    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-02-05 01:42:38.285    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-02-05 01:42:38.285    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-02-05 01:42:38.285    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-02-05 01:42:38.285    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-02-05 01:58:24.583    The following items will be cleaned up:
    2015-02-05 01:58:24.583    Troj/Agent-AJTU
    2015-02-05 01:58:24.583    Mal/Scribble-D
    2015-02-05 02:02:05.886    Threat 'Troj/Agent-AJTU' has been cleaned up.
    2015-02-05 02:02:05.917    File "C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll" belongs to 'Troj/Agent-AJTU'.
    2015-02-05 02:02:05.917    File "C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll" has been cleaned up.
    2015-02-05 02:02:05.917    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to 'Troj/Agent-AJTU'.
    2015-02-05 02:02:05.917    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" has been cleaned up.
    2015-02-05 02:02:05.917    Registry value "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'Troj/Agent-AJTU'.
    2015-02-05 02:02:05.917    Registry value "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
    2015-02-05 02:02:05.917    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'Troj/Agent-AJTU'.
    2015-02-05 02:02:05.917    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
    2015-02-05 02:02:05.917    Removal successful
    2015-02-05 02:02:07.633    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-02-05 02:02:07.633    Disinfection not offered
    2015-02-05 02:02:07.633    Disinfection failed [0xa0040208]
    2015-02-05 02:02:07.633    Error: cleanup failed.
    2015-02-05 02:02:07.664    Contents of SafeClean bin directory:
    2015-02-05 02:02:07.680    {
    2015-02-05 02:02:07.680        RecordID   : "0000000000000001",
    2015-02-05 02:02:07.680        ItemType   : "1",
    2015-02-05 02:02:07.680        Location   : "C:\Program Files (x86)\The Sims 4\Game\Bin\",
    2015-02-05 02:02:07.680        FileName   : "rld.dll",
    2015-02-05 02:02:07.680        ThreatName : "Troj/Agent-AJTU",
    2015-02-05 02:02:07.680        Checksum   : "d34825e894a8f8ea44c6436f1f3b640196a19ec6f55362a87c4cadc93c72d377",
    2015-02-05 02:02:07.680        TimeStamp  : "Wed Feb 04 21:02:02 2015"
    2015-02-05 02:02:07.680    }
    2015-02-05 02:02:08.663    Error level 0
    2015-02-05 02:02:15.761    
    ------------------------------------------------------------
    2015-03-26 17:32:33.646    Sophos Virus Removal Tool version 2.5.4
    2015-03-26 17:32:33.646    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-03-26 17:32:33.646    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-03-26 17:32:33.646    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-03-26 17:32:33.646    Checking for updates...
    2015-03-26 17:32:33.896    Update progress: proxy server not available
    2015-03-26 17:32:34.036    Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/6/e6/6e6087bca49211c42e89c6017d870664.xml
    2015-03-26 17:32:55.800    Option all = no
    2015-03-26 17:32:55.800    Option recurse = yes
    2015-03-26 17:32:55.800    Option archive = no
    2015-03-26 17:32:55.800    Option service = yes
    2015-03-26 17:32:55.800    Option confirm = yes
    2015-03-26 17:32:55.800    Option sxl = yes
    2015-03-26 17:32:55.800    Option max-data-age = 35
    2015-03-26 17:32:55.800    Option EnableSafeClean = yes
    2015-03-26 17:32:55.940    Option vdl-logging = yes
    2015-03-26 17:32:55.950    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-03-26 17:32:55.950    Machine ID:    9759d6f9cd9c4eff8f57e5f77e4dc7ea
    2015-03-26 17:32:55.970    Component SVRTcli.exe version 2.5.4
    2015-03-26 17:32:55.970    Component control.dll version 2.5.4
    2015-03-26 17:32:55.970    Component SVRTservice.exe version 2.5.4
    2015-03-26 17:32:55.970    Component engine\osdp.dll version 1.44.1.2183
    2015-03-26 17:32:55.970    Component engine\veex.dll version 3.58.3.2183
    2015-03-26 17:32:55.970    Component engine\savi.dll version 8.1.5.2183
    2015-03-26 17:32:55.980    Component rkdisk.dll version 1.5.30.0
    2015-03-26 17:32:55.980    Version info:    Product version    2.5.4
    2015-03-26 17:32:55.980    Version info:    Detection engine    3.58.3
    2015-03-26 17:32:55.980    Version info:    Detection data    5.10
    2015-03-26 17:32:55.980    Version info:    Build date    06/01/2015
    2015-03-26 17:32:55.980    Version info:    Data files added    342
    2015-03-26 17:32:55.980    Version info:    Last successful update    (not yet updated)
    2015-03-26 17:37:37.541    Sophos Virus Removal Tool version 2.5.4
    2015-03-26 17:37:37.541    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-03-26 17:37:37.541    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-03-26 17:37:37.541    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-03-26 17:37:37.541    Checking for updates...
    2015-03-26 17:37:37.697    Update progress: proxy server not available
    2015-03-26 17:37:52.533    Option all = no
    2015-03-26 17:37:52.533    Option recurse = yes
    2015-03-26 17:37:52.533    Option archive = no
    2015-03-26 17:37:52.533    Option service = yes
    2015-03-26 17:37:52.533    Option confirm = yes
    2015-03-26 17:37:52.533    Option sxl = yes
    2015-03-26 17:37:52.533    Option max-data-age = 35
    2015-03-26 17:37:52.533    Option EnableSafeClean = yes
    2015-03-26 17:37:52.642    Option vdl-logging = yes
    2015-03-26 17:37:52.642    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-03-26 17:37:52.642    Machine ID:    9759d6f9cd9c4eff8f57e5f77e4dc7ea
    2015-03-26 17:37:52.642    Component SVRTcli.exe version 2.5.4
    2015-03-26 17:37:52.642    Component control.dll version 2.5.4
    2015-03-26 17:37:52.642    Component SVRTservice.exe version 2.5.4
    2015-03-26 17:37:52.642    Component engine\osdp.dll version 1.44.1.2183
    2015-03-26 17:37:52.642    Component engine\veex.dll version 3.58.3.2183
    2015-03-26 17:37:52.642    Component engine\savi.dll version 8.1.5.2183
    2015-03-26 17:37:52.657    Component rkdisk.dll version 1.5.30.0
    2015-03-26 17:37:52.657    Version info:    Product version    2.5.4
    2015-03-26 17:37:52.657    Version info:    Detection engine    3.58.3
    2015-03-26 17:37:52.657    Version info:    Detection data    5.10
    2015-03-26 17:37:52.657    Version info:    Build date    06/01/2015
    2015-03-26 17:37:52.657    Version info:    Data files added    342
    2015-03-26 17:37:52.657    Version info:    Last successful update    (not yet updated)
    2015-03-26 17:38:09.724    Downloading updates...
    2015-03-26 17:38:09.724    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-03-26 17:38:09.724    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-03-26 17:38:09.724    Update progress: [I49502] Found supplement IDE512 LATEST
    2015-03-26 17:38:09.724    Update progress: [I49502] Found supplement IDE513 LATEST
    2015-03-26 17:38:09.724    Update progress: [I49502] Found supplement IDE514 LATEST
    2015-03-26 17:38:09.724    Update progress: [I49502] Found supplement IDE515 LATEST
    2015-03-26 17:38:09.724    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-03-26 17:38:09.724    Update progress: [I19463] Syncing product SAVIW32 51
    2015-03-26 17:38:12.033    Update progress: [I19463] Syncing product IDE512 166
    2015-03-26 17:38:12.126    Update progress: [I19463] Syncing product IDE513 171
    2015-03-26 17:38:22.578    Update progress: [I19463] Syncing product IDE514 140
    2015-03-26 17:38:29.723    Installing updates...
    2015-03-26 17:38:30.550    Error level 1
    2015-03-26 17:38:30.565    Update progress: [I19463] Syncing product IDE515 1
    2015-03-26 17:38:55.182    Update successful
    2015-03-26 17:39:13.731    Option all = no
    2015-03-26 17:39:13.731    Option recurse = yes
    2015-03-26 17:39:13.731    Option archive = no
    2015-03-26 17:39:13.731    Option service = yes
    2015-03-26 17:39:13.731    Option confirm = yes
    2015-03-26 17:39:13.731    Option sxl = yes
    2015-03-26 17:39:13.731    Option max-data-age = 35
    2015-03-26 17:39:13.731    Option EnableSafeClean = yes
    2015-03-26 17:39:13.778    Option vdl-logging = yes
    2015-03-26 17:39:13.778    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-03-26 17:39:13.778    Machine ID:    9759d6f9cd9c4eff8f57e5f77e4dc7ea
    2015-03-26 17:39:13.778    Component SVRTcli.exe version 2.5.4
    2015-03-26 17:39:13.778    Component control.dll version 2.5.4
    2015-03-26 17:39:13.778    Component SVRTservice.exe version 2.5.4
    2015-03-26 17:39:13.778    Component engine\osdp.dll version 1.44.1.2183
    2015-03-26 17:39:13.778    Component engine\veex.dll version 3.58.3.2183
    2015-03-26 17:39:13.778    Component engine\savi.dll version 8.1.5.2183
    2015-03-26 17:39:13.778    Component rkdisk.dll version 1.5.30.0
    2015-03-26 17:39:13.778    Version info:    Product version    2.5.4
    2015-03-26 17:39:13.793    Version info:    Detection engine    3.58.3
    2015-03-26 17:39:13.793    Version info:    Detection data    5.11G
    2015-03-26 17:39:13.793    Version info:    Build date    03/02/2015
    2015-03-26 17:39:13.793    Version info:    Data files added    472
    2015-03-26 17:39:13.793    Version info:    Last successful update    26/03/2015 13:38:55
    2015-03-26 17:39:54.587    Contents of SafeClean bin directory:
    2015-03-26 17:39:54.587    {
    2015-03-26 17:39:54.587        RecordID   : "0000000000000001",
    2015-03-26 17:39:54.587        ItemType   : "1",
    2015-03-26 17:39:54.587        Location   : "C:\Program Files (x86)\The Sims 4\Game\Bin\",
    2015-03-26 17:39:54.587        FileName   : "rld.dll",
    2015-03-26 17:39:54.587        ThreatName : "Troj/Agent-AJTU",
    2015-03-26 17:39:54.587        Checksum   : "d34825e894a8f8ea44c6436f1f3b640196a19ec6f55362a87c4cadc93c72d377",
    2015-03-26 17:39:54.587        TimeStamp  : "Wed Feb 04 21:02:02 2015"
    2015-03-26 17:39:54.587    }
    2015-03-26 17:39:54.587    Error level 0
    2015-03-26 17:39:54.587    Scan cancelled by user.
    2015-03-26 17:39:54.587    
    ------------------------------------------------------------
    2015-03-30 19:29:50.369    Sophos Virus Removal Tool version 2.5.4
    2015-03-30 19:29:50.369    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-03-30 19:29:50.369    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-03-30 19:29:50.369    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-03-30 19:29:50.369    Checking for updates...
    2015-03-30 19:29:53.192    Update progress: proxy server not available
    2015-03-30 19:30:24.387    Option all = no
    2015-03-30 19:30:24.387    Option recurse = yes
    2015-03-30 19:30:24.387    Option archive = no
    2015-03-30 19:30:24.387    Option service = yes
    2015-03-30 19:30:24.387    Option confirm = yes
    2015-03-30 19:30:24.387    Option sxl = yes
    2015-03-30 19:30:24.387    Option max-data-age = 35
    2015-03-30 19:30:24.387    Option EnableSafeClean = yes
    2015-03-30 19:30:24.465    Option vdl-logging = yes
    2015-03-30 19:30:24.465    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-03-30 19:30:24.465    Machine ID:    9759d6f9cd9c4eff8f57e5f77e4dc7ea
    2015-03-30 19:30:24.528    Component SVRTcli.exe version 2.5.4
    2015-03-30 19:30:24.528    Component control.dll version 2.5.4
    2015-03-30 19:30:24.528    Component SVRTservice.exe version 2.5.4
    2015-03-30 19:30:24.528    Component engine\osdp.dll version 1.44.1.2183
    2015-03-30 19:30:24.528    Component engine\veex.dll version 3.58.3.2183
    2015-03-30 19:30:24.528    Component engine\savi.dll version 8.1.5.2183
    2015-03-30 19:30:24.574    Component rkdisk.dll version 1.5.30.0
    2015-03-30 19:30:24.574    Version info:    Product version    2.5.4
    2015-03-30 19:30:24.574    Version info:    Detection engine    3.58.3
    2015-03-30 19:30:24.574    Version info:    Detection data    5.11G
    2015-03-30 19:30:24.574    Version info:    Build date    2/3/2015
    2015-03-30 19:30:24.574    Version info:    Data files added    472
    2015-03-30 19:30:24.574    Version info:    Last successful update    3/26/2015 1:38:55 PM
    2015-03-30 19:30:26.883    Downloading updates...
    2015-03-30 19:30:26.883    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-03-30 19:30:26.883    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-03-30 19:30:26.883    Update progress: [I49502] Found supplement IDE512 LATEST
    2015-03-30 19:30:26.883    Update progress: [I49502] Found supplement IDE513 LATEST
    2015-03-30 19:30:26.883    Update progress: [I49502] Found supplement IDE514 LATEST
    2015-03-30 19:30:26.883    Update progress: [I49502] Found supplement IDE515 LATEST
    2015-03-30 19:30:26.883    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-03-30 19:30:26.883    Update progress: [I19463] Syncing product SAVIW32 51
    2015-03-30 19:30:26.883    Update progress: [I19463] Syncing product IDE512 166
    2015-03-30 19:30:27.117    Update progress: [I19463] Syncing product IDE513 171
    2015-03-30 19:30:27.117    Update progress: [I19463] Syncing product IDE514 161
    2015-03-30 19:30:28.225    Update progress: [I19463] Syncing product IDE515 3
    2015-03-30 19:30:28.365    Installing updates...
    2015-03-30 19:30:29.176    Error level 1
    2015-03-30 19:30:29.660    Update successful
    2015-03-30 19:30:39.628    Option all = no
    2015-03-30 19:30:39.628    Option recurse = yes
    2015-03-30 19:30:39.628    Option archive = no
    2015-03-30 19:30:39.628    Option service = yes
    2015-03-30 19:30:39.628    Option confirm = yes
    2015-03-30 19:30:39.628    Option sxl = yes
    2015-03-30 19:30:39.628    Option max-data-age = 35
    2015-03-30 19:30:39.628    Option EnableSafeClean = yes
    2015-03-30 19:30:39.675    Option vdl-logging = yes
    2015-03-30 19:30:39.675    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-03-30 19:30:39.675    Machine ID:    9759d6f9cd9c4eff8f57e5f77e4dc7ea
    2015-03-30 19:30:39.675    Component SVRTcli.exe version 2.5.4
    2015-03-30 19:30:39.675    Component control.dll version 2.5.4
    2015-03-30 19:30:39.675    Component SVRTservice.exe version 2.5.4
    2015-03-30 19:30:39.675    Component engine\osdp.dll version 1.44.1.2183
    2015-03-30 19:30:39.675    Component engine\veex.dll version 3.58.3.2183
    2015-03-30 19:30:39.675    Component engine\savi.dll version 8.1.5.2183
    2015-03-30 19:30:39.675    Component rkdisk.dll version 1.5.30.0
    2015-03-30 19:30:39.675    Version info:    Product version    2.5.4
    2015-03-30 19:30:39.675    Version info:    Detection engine    3.58.3
    2015-03-30 19:30:39.675    Version info:    Detection data    5.11G
    2015-03-30 19:30:39.675    Version info:    Build date    2/3/2015
    2015-03-30 19:30:39.675    Version info:    Data files added    494
    2015-03-30 19:30:39.675    Version info:    Last successful update    3/30/2015 3:30:29 PM
    2015-03-30 19:42:22.915    Could not open C:\hiberfil.sys
    2015-03-30 19:42:24.958    Could not open C:\pagefile.sys
    2015-03-30 19:50:37.315    >>> Virus 'Troj/Agent-AJTU' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll
    2015-03-30 19:50:37.315    >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-03-30 19:50:37.315    >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-03-30 19:50:37.315    >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-30 19:50:37.315    >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-30 19:50:37.315    >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-30 19:50:41.215    >>> Virus 'Troj/Agent-AJTQ' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\RldOrigin.dll
    2015-03-30 19:50:41.215    >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-03-30 19:50:41.215    >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-03-30 19:50:41.215    >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-30 19:50:41.215    >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-30 19:50:41.215    >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-30 19:50:43.914    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-03-30 19:50:43.914    Disinfection not offered
    2015-03-30 19:58:02.057    Could not open C:\System Volume Information\{2710e043-d48d-11e4-b040-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-30 19:58:02.057    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-30 19:58:02.057    Could not open C:\System Volume Information\{7526932f-d705-11e4-83ab-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-30 19:58:02.057    Could not open C:\System Volume Information\{eea1d2a2-d162-11e4-92b8-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-30 20:05:15.585    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-03-30 20:05:15.585    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-03-30 20:05:21.809    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-03-30 20:05:21.809    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-03-30 20:05:21.825    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-03-30 20:05:21.825    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-03-30 20:05:21.825    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-03-30 20:27:27.298    The following items will be cleaned up:
    2015-03-30 20:27:27.298    Troj/Agent-AJTU
    2015-03-30 20:27:27.298    Troj/Agent-AJTQ
    2015-03-30 20:27:27.298    Mal/Scribble-D
    2015-03-30 20:32:34.409    Threat 'Troj/Agent-AJTU' has been cleaned up.
    2015-03-30 20:32:34.434    File "C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll" belongs to 'Troj/Agent-AJTU'.
    2015-03-30 20:32:34.434    File "C:\Program Files (x86)\The Sims 4\Game\Bin\rld.dll" has been cleaned up.
    2015-03-30 20:32:34.434    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to 'Troj/Agent-AJTU'.
    2015-03-30 20:32:34.434    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" has been cleaned up.
    2015-03-30 20:32:34.435    Registry value "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'Troj/Agent-AJTU'.
    2015-03-30 20:32:34.435    Registry value "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
    2015-03-30 20:32:34.435    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'Troj/Agent-AJTU'.
    2015-03-30 20:32:34.435    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
    2015-03-30 20:32:34.435    Removal successful
    2015-03-30 20:32:37.757    Threat 'Troj/Agent-AJTQ' has been cleaned up.
    2015-03-30 20:32:37.757    File "C:\Program Files (x86)\The Sims 4\Game\Bin\RldOrigin.dll" belongs to 'Troj/Agent-AJTQ'.
    2015-03-30 20:32:37.757    File "C:\Program Files (x86)\The Sims 4\Game\Bin\RldOrigin.dll" has been cleaned up.
    2015-03-30 20:32:37.758    Removal successful
    2015-03-30 20:32:45.973    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-03-30 20:32:45.973    Disinfection not offered
    2015-03-30 20:32:45.973    Disinfection failed [0xa0040208]
    2015-03-30 20:32:45.975    Error: cleanup failed.
    2015-03-30 20:32:46.000    Contents of SafeClean bin directory:
    2015-03-30 20:32:46.030    {
    2015-03-30 20:32:46.030        RecordID   : "0000000000000001",
    2015-03-30 20:32:46.030        ItemType   : "1",
    2015-03-30 20:32:46.030        Location   : "C:\Program Files (x86)\The Sims 4\Game\Bin\",
    2015-03-30 20:32:46.030        FileName   : "rld.dll",
    2015-03-30 20:32:46.030        ThreatName : "Troj/Agent-AJTU",
    2015-03-30 20:32:46.030        Checksum   : "d34825e894a8f8ea44c6436f1f3b640196a19ec6f55362a87c4cadc93c72d377",
    2015-03-30 20:32:46.030        TimeStamp  : "Wed Feb 04 21:02:02 2015"
    2015-03-30 20:32:46.031    }
    2015-03-30 20:32:46.031    {
    2015-03-30 20:32:46.031        RecordID   : "0000000000000002",
    2015-03-30 20:32:46.031        ItemType   : "1",
    2015-03-30 20:32:46.031        Location   : "C:\Program Files (x86)\The Sims 4\Game\Bin\",
    2015-03-30 20:32:46.031        FileName   : "rld.dll",
    2015-03-30 20:32:46.031        ThreatName : "Troj/Agent-AJTU",
    2015-03-30 20:32:46.031        Checksum   : "d34825e894a8f8ea44c6436f1f3b640196a19ec6f55362a87c4cadc93c72d377",
    2015-03-30 20:32:46.031        TimeStamp  : "Mon Mar 30 16:32:27 2015"
    2015-03-30 20:32:46.031    }
    2015-03-30 20:32:46.031    {
    2015-03-30 20:32:46.031        RecordID   : "0000000000000003",
    2015-03-30 20:32:46.031        ItemType   : "1",
    2015-03-30 20:32:46.031        Location   : "C:\Program Files (x86)\The Sims 4\Game\Bin\",
    2015-03-30 20:32:46.031        FileName   : "RldOrigin.dll",
    2015-03-30 20:32:46.031        ThreatName : "Troj/Agent-AJTQ",
    2015-03-30 20:32:46.031        Checksum   : "a1ae1d23f5c82cb62c9a5baf2d9ee6920b7b7bd5752be7c5e08691ef455f894b",
    2015-03-30 20:32:46.031        TimeStamp  : "Mon Mar 30 16:32:34 2015"
    2015-03-30 20:32:46.031    }
    2015-03-30 20:32:46.987    Error level 0
    2015-03-30 20:33:46.960    
    ------------------------------------------------------------
    2015-05-11 00:55:48.807    Sophos Virus Removal Tool version 2.5.4
    2015-05-11 00:55:48.807    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-05-11 00:55:48.807    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-05-11 00:55:48.807    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-05-11 00:55:55.281    Removed SafeClean bin directory.

    2015-05-11 00:55:55.281    Scan completed.
    2015-05-11 00:55:55.281    
    ------------------------------------------------------------
    2015-05-11 01:02:15.812    Sophos Virus Removal Tool version 2.5.4
    2015-05-11 01:02:15.812    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-05-11 01:02:15.812    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-05-11 01:02:15.812    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-05-11 01:02:15.812    Checking for updates...
    2015-05-11 01:02:18.542    Update progress: proxy server not available
    2015-05-11 01:02:25.905    Option all = no
    2015-05-11 01:02:25.905    Option recurse = yes
    2015-05-11 01:02:25.905    Option archive = no
    2015-05-11 01:02:25.905    Option service = yes
    2015-05-11 01:02:25.905    Option confirm = yes
    2015-05-11 01:02:25.905    Option sxl = yes
    2015-05-11 01:02:25.905    Option max-data-age = 35
    2015-05-11 01:02:25.905    Option EnableSafeClean = yes
    2015-05-11 01:02:26.997    Option vdl-logging = yes
    2015-05-11 01:02:26.997    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-05-11 01:02:26.997    Machine ID:    2f2385066c7b49119423c43099d6efc3
    2015-05-11 01:02:26.997    Component SVRTcli.exe version 2.5.4
    2015-05-11 01:02:26.997    Component control.dll version 2.5.4
    2015-05-11 01:02:26.997    Component SVRTservice.exe version 2.5.4
    2015-05-11 01:02:26.997    Component engine\osdp.dll version 1.44.1.2200
    2015-05-11 01:02:26.997    Component engine\veex.dll version 3.60.0.2200
    2015-05-11 01:02:26.997    Component engine\savi.dll version 8.1.7.2200
    2015-05-11 01:02:26.997    Component rkdisk.dll version 1.5.30.0
    2015-05-11 01:02:26.997    Version info:    Product version    2.5.4
    2015-05-11 01:02:26.997    Version info:    Detection engine    3.60.0
    2015-05-11 01:02:26.997    Version info:    Detection data    5.13
    2015-05-11 01:02:26.997    Version info:    Build date    3/31/2015
    2015-05-11 01:02:26.997    Version info:    Data files added    402
    2015-05-11 01:02:26.997    Version info:    Last successful update    (not yet updated)
    2015-05-11 01:02:44.329    Downloading updates...
    2015-05-11 01:02:44.329    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-05-11 01:02:44.329    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-05-11 01:02:44.329    Update progress: [I49502] Found supplement IDE514 LATEST
    2015-05-11 01:02:44.329    Update progress: [I49502] Found supplement IDE515 LATEST
    2015-05-11 01:02:44.329    Update progress: [I49502] Found supplement IDE516 LATEST
    2015-05-11 01:02:44.329    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-05-11 01:02:44.329    Update progress: [I19463] Syncing product SAVIW32 53
    2015-05-11 01:03:01.146    Update progress: [I19463] Syncing product IDE514 161
    2015-05-11 01:03:19.663    Installing updates...
    2015-05-11 01:03:20.474    Error level 1
    2015-05-11 01:03:20.505    Update progress: [I19463] Syncing product IDE515 171
    2015-05-11 01:03:20.505    Update progress: [I19463] Syncing product IDE516 75
    2015-05-11 01:03:57.218    Update successful
    2015-05-11 01:04:24.596    Option all = no
    2015-05-11 01:04:24.596    Option recurse = yes
    2015-05-11 01:04:24.596    Option archive = no
    2015-05-11 01:04:24.596    Option service = yes
    2015-05-11 01:04:24.596    Option confirm = yes
    2015-05-11 01:04:24.596    Option sxl = yes
    2015-05-11 01:04:24.612    Option max-data-age = 35
    2015-05-11 01:04:24.612    Option EnableSafeClean = yes
    2015-05-11 01:04:24.659    Option vdl-logging = yes
    2015-05-11 01:04:24.659    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-05-11 01:04:24.659    Machine ID:    2f2385066c7b49119423c43099d6efc3
    2015-05-11 01:04:24.659    Component SVRTcli.exe version 2.5.4
    2015-05-11 01:04:24.659    Component control.dll version 2.5.4
    2015-05-11 01:04:24.659    Component SVRTservice.exe version 2.5.4
    2015-05-11 01:04:24.659    Component engine\osdp.dll version 1.44.1.2200
    2015-05-11 01:04:24.659    Component engine\veex.dll version 3.60.0.2200
    2015-05-11 01:04:24.659    Component engine\savi.dll version 8.1.7.2200
    2015-05-11 01:04:24.659    Component rkdisk.dll version 1.5.30.0
    2015-05-11 01:04:24.659    Version info:    Product version    2.5.4
    2015-05-11 01:04:24.659    Version info:    Detection engine    3.60.0
    2015-05-11 01:04:24.659    Version info:    Detection data    5.13G
    2015-05-11 01:04:24.659    Version info:    Build date    3/31/2015
    2015-05-11 01:04:24.659    Version info:    Data files added    402
    2015-05-11 01:04:24.659    Version info:    Last successful update    5/10/2015 9:03:57 PM
    2015-05-11 01:26:31.127    Could not open C:\hiberfil.sys
    2015-05-11 01:26:38.449    Could not open C:\pagefile.sys
    2015-05-11 01:40:15.785    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-05-11 01:40:15.785    Disinfection not offered
    2015-05-11 01:49:24.633    Could not open C:\System Volume Information\{1f607ed9-f74f-11e4-814a-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.633    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.634    Could not open C:\System Volume Information\{7386c762-f5c0-11e4-bea8-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.634    Could not open C:\System Volume Information\{cb11dda7-f777-11e4-be0e-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.634    Could not open C:\System Volume Information\{cb11ddc7-f777-11e4-be0e-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.634    Could not open C:\System Volume Information\{cb11ddd4-f777-11e4-be0e-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.635    Could not open C:\System Volume Information\{cb11ddd8-f777-11e4-be0e-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 01:49:24.635    Could not open C:\System Volume Information\{e546e2c8-f32c-11e4-a273-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-11 02:00:22.380    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-05-11 02:00:22.381    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-05-11 02:00:29.860    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-05-11 02:00:29.883    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-05-11 02:00:29.886    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-05-11 02:00:29.901    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-05-11 02:00:29.915    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-05-11 02:28:28.142    The following items will be cleaned up:
    2015-05-11 02:28:28.142    Mal/Scribble-D
    2015-05-11 02:35:31.529    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-05-11 02:35:31.529    Disinfection not offered
    2015-05-11 02:35:31.530    Disinfection failed [0xa0040208]
    2015-05-11 02:35:31.531    Error: cleanup failed.
    2015-05-11 02:35:31.579    SafeClean bin directory is empty.
    2015-05-11 02:35:33.047    Error level 0
    2015-05-11 02:37:35.210    
    ------------------------------------------------------------
    2015-06-21 02:31:47.216    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 02:31:47.217    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 02:31:47.217    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 02:31:47.217    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 02:31:49.221    Removed SafeClean bin directory.

    2015-06-21 02:31:49.221    Scan completed.
    2015-06-21 02:31:49.221    
    ------------------------------------------------------------
    2015-06-21 02:47:38.000    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 02:47:38.000    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 02:47:38.000    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 02:47:38.000    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 02:47:38.000    Checking for updates...
    2015-06-21 02:47:41.614    Update progress: proxy server not available
    2015-06-21 02:47:57.397    Option all = no
    2015-06-21 02:47:57.397    Option recurse = yes
    2015-06-21 02:47:57.397    Option archive = no
    2015-06-21 02:47:57.397    Option service = yes
    2015-06-21 02:47:57.397    Option confirm = yes
    2015-06-21 02:47:57.397    Option sxl = yes
    2015-06-21 02:47:57.397    Option max-data-age = 35
    2015-06-21 02:47:57.397    Option EnableSafeClean = yes
    2015-06-21 02:47:58.537    Option vdl-logging = yes
    2015-06-21 02:47:58.547    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 02:47:58.547    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 02:47:58.547    Component SVRTcli.exe version 2.5.4
    2015-06-21 02:47:58.547    Component control.dll version 2.5.4
    2015-06-21 02:47:58.547    Component SVRTservice.exe version 2.5.4
    2015-06-21 02:47:58.547    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 02:47:58.547    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 02:47:58.547    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 02:47:58.547    Component rkdisk.dll version 1.5.30.0
    2015-06-21 02:47:58.547    Version info:    Product version    2.5.4
    2015-06-21 02:47:58.547    Version info:    Detection engine    3.60.0
    2015-06-21 02:47:58.547    Version info:    Detection data    5.15
    2015-06-21 02:47:58.547    Version info:    Build date    5/26/2015
    2015-06-21 02:47:58.547    Version info:    Data files added    322
    2015-06-21 02:47:58.547    Version info:    Last successful update    (not yet updated)
    2015-06-21 02:48:08.568    Downloading updates...
    2015-06-21 02:48:08.568    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-06-21 02:48:08.568    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-06-21 02:48:08.568    Update progress: [I49502] Found supplement IDE516 LATEST
    2015-06-21 02:48:08.568    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-06-21 02:48:08.568    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-06-21 02:48:08.568    Update progress: [I19463] Syncing product SAVIW32 55
    2015-06-21 02:48:35.951    Update progress: [I19463] Syncing product IDE516 178
    2015-06-21 02:48:36.981    Installing updates...
    2015-06-21 02:48:37.781    Error level 1
    2015-06-21 02:48:38.771    Update progress: [I19463] Syncing product IDE517 148
    2015-06-21 02:48:56.906    Update successful
    2015-06-21 02:49:24.650    Option all = no
    2015-06-21 02:49:24.650    Option recurse = yes
    2015-06-21 02:49:24.650    Option archive = no
    2015-06-21 02:49:24.650    Option service = yes
    2015-06-21 02:49:24.650    Option confirm = yes
    2015-06-21 02:49:24.650    Option sxl = yes
    2015-06-21 02:49:24.650    Option max-data-age = 35
    2015-06-21 02:49:24.650    Option EnableSafeClean = yes
    2015-06-21 02:49:24.860    Option vdl-logging = yes
    2015-06-21 02:49:24.870    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 02:49:24.870    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 02:49:24.870    Component SVRTcli.exe version 2.5.4
    2015-06-21 02:49:24.870    Component control.dll version 2.5.4
    2015-06-21 02:49:24.870    Component SVRTservice.exe version 2.5.4
    2015-06-21 02:49:24.870    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 02:49:24.870    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 02:49:24.870    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 02:49:24.870    Component rkdisk.dll version 1.5.30.0
    2015-06-21 02:49:24.870    Version info:    Product version    2.5.4
    2015-06-21 02:49:24.870    Version info:    Detection engine    3.60.0
    2015-06-21 02:49:24.870    Version info:    Detection data    5.15G
    2015-06-21 02:49:24.870    Version info:    Build date    5/26/2015
    2015-06-21 02:49:24.870    Version info:    Data files added    322
    2015-06-21 02:49:24.870    Version info:    Last successful update    6/20/2015 10:48:56 PM
    2015-06-21 03:20:40.427    Could not open C:\hiberfil.sys
    2015-06-21 03:20:43.771    Could not open C:\pagefile.sys
    2015-06-21 03:38:49.179    >>> Virus 'Mal/Generic-S' found in file C:\Program Files (x86)\MultiTool V2\Bots\Digadz\Digadz_Holder.exe
    2015-06-21 03:38:49.180    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-06-21 03:38:49.180    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-06-21 03:38:49.180    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-06-21 03:38:49.181    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-06-21 03:38:49.181    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-06-21 03:38:49.182    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-06-21 03:38:49.182    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-06-21 03:39:11.535    >>> Virus 'Mal/Generic-S' found in file C:\Program Files (x86)\MultiTool V2\Data\CaptchaSolver.exe
    2015-06-21 03:39:11.535    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-06-21 03:39:11.535    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-06-21 03:39:11.535    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-06-21 03:39:11.536    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-06-21 03:39:11.536    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-06-21 03:39:11.536    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-06-21 03:39:11.537    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-06-21 03:42:35.538    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-06-21 03:42:35.538    Disinfection not offered
    2015-06-21 03:57:51.389    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 03:57:51.389    Could not open C:\System Volume Information\{5558105d-1652-11e5-9ccc-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 03:57:51.389    Could not open C:\System Volume Information\{dd52055a-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 03:57:51.389    Could not open C:\System Volume Information\{dd52055e-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 04:19:01.587    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-06-21 04:19:01.588    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-06-21 04:19:07.011    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-06-21 04:19:07.027    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-06-21 04:19:07.028    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-06-21 04:19:07.032    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-06-21 04:19:07.033    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-06-21 04:26:28.174    Could not open C:\Windows\temp\TMP000000320F64823A0CB4F292
    2015-06-21 04:52:36.967    The following items will be cleaned up:
    2015-06-21 04:52:36.989    Mal/Generic-S
    2015-06-21 04:52:36.989    Mal/Scribble-D
    2015-06-21 05:07:26.414    Threat 'Mal/Generic-S' has been cleaned up.
    2015-06-21 05:07:26.414    File "C:\Program Files (x86)\MultiTool V2\Bots\Digadz\Digadz_Holder.exe" belongs to malware 'Mal/Generic-S'.
    2015-06-21 05:07:26.414    File "C:\Program Files (x86)\MultiTool V2\Bots\Digadz\Digadz_Holder.exe" has been cleaned up.
    2015-06-21 05:07:26.523    File "C:\Program Files (x86)\MultiTool V2\Data\CaptchaSolver.exe" belongs to malware 'Mal/Generic-S'.
    2015-06-21 05:07:26.523    File "C:\Program Files (x86)\MultiTool V2\Data\CaptchaSolver.exe" has been cleaned up.
    2015-06-21 05:07:26.523    Removal successful
    2015-06-21 05:07:28.567    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-06-21 05:07:28.567    Disinfection not offered
    2015-06-21 05:07:28.582    Disinfection failed [0xa0040208]
    2015-06-21 05:07:28.598    Error: cleanup failed.
    2015-06-21 05:07:28.707    Contents of SafeClean bin directory:
    2015-06-21 05:07:28.723    {
    2015-06-21 05:07:28.723        RecordID   : "0000000000000001",
    2015-06-21 05:07:28.723        ItemType   : "1",
    2015-06-21 05:07:28.723        Location   : "C:\Program Files (x86)\MultiTool V2\Bots\Digadz\",
    2015-06-21 05:07:28.723        FileName   : "Digadz_Holder.exe",
    2015-06-21 05:07:28.723        ThreatName : "Mal/Generic-S",
    2015-06-21 05:07:28.723        Checksum   : "13b729bd6c885ed9d28d616f79be151ebf8846e1683c291a711cf1dfe9af6cdc",
    2015-06-21 05:07:28.723        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 05:07:28.723    }
    2015-06-21 05:07:28.723    {
    2015-06-21 05:07:28.723        RecordID   : "0000000000000002",
    2015-06-21 05:07:28.723        ItemType   : "1",
    2015-06-21 05:07:28.723        Location   : "C:\Program Files (x86)\MultiTool V2\Data\",
    2015-06-21 05:07:28.723        FileName   : "CaptchaSolver.exe",
    2015-06-21 05:07:28.723        ThreatName : "Mal/Generic-S",
    2015-06-21 05:07:28.723        Checksum   : "d0af2f2c4cde55b472c152f167fa7fb601539a95ced76dc155ee95a161b1dda8",
    2015-06-21 05:07:28.723        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 05:07:28.723    }
    2015-06-21 05:07:32.061    Error level 0
    2015-06-21 05:09:19.125    
    ------------------------------------------------------------
    2015-06-21 05:09:28.095    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 05:09:28.095    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 05:09:28.095    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 05:09:28.095    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 05:09:28.095    Checking for updates...
    2015-06-21 05:09:30.732    Update progress: proxy server not available
    2015-06-21 05:10:07.532    Option all = no
    2015-06-21 05:10:07.532    Option recurse = yes
    2015-06-21 05:10:07.532    Option archive = no
    2015-06-21 05:10:07.532    Option service = yes
    2015-06-21 05:10:07.532    Option confirm = yes
    2015-06-21 05:10:07.532    Option sxl = yes
    2015-06-21 05:10:07.532    Option max-data-age = 35
    2015-06-21 05:10:07.532    Option EnableSafeClean = yes
    2015-06-21 05:10:07.595    Option vdl-logging = yes
    2015-06-21 05:10:07.595    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 05:10:07.595    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 05:10:07.641    Component SVRTcli.exe version 2.5.4
    2015-06-21 05:10:07.641    Component control.dll version 2.5.4
    2015-06-21 05:10:07.641    Component SVRTservice.exe version 2.5.4
    2015-06-21 05:10:07.641    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 05:10:07.641    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 05:10:07.641    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 05:10:07.657    Component rkdisk.dll version 1.5.30.0
    2015-06-21 05:10:07.657    Version info:    Product version    2.5.4
    2015-06-21 05:10:07.657    Version info:    Detection engine    3.60.0
    2015-06-21 05:10:07.657    Version info:    Detection data    5.15G
    2015-06-21 05:10:07.657    Version info:    Build date    5/26/2015
    2015-06-21 05:10:07.657    Version info:    Data files added    322
    2015-06-21 05:10:07.657    Version info:    Last successful update    6/20/2015 10:48:56 PM
    2015-06-21 05:10:07.688    Update not required
    2015-06-21 05:37:00.062    Could not open C:\hiberfil.sys
    2015-06-21 05:37:02.756    Could not open C:\pagefile.sys
    2015-06-21 05:51:52.764    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-06-21 05:51:52.790    Disinfection not offered
    2015-06-21 06:02:56.285    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 06:02:56.285    Could not open C:\System Volume Information\{5558105d-1652-11e5-9ccc-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 06:02:56.286    Could not open C:\System Volume Information\{dd52055a-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 06:02:56.286    Could not open C:\System Volume Information\{dd52055e-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 06:15:33.426    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-06-21 06:15:33.426    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-06-21 06:15:35.695    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-06-21 06:15:35.696    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-06-21 06:15:35.698    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-06-21 06:15:35.699    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-06-21 06:15:35.701    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-06-21 06:41:24.971    The following items will be cleaned up:
    2015-06-21 06:41:24.971    Mal/Scribble-D
    2015-06-21 12:46:05.525    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-06-21 12:46:05.547    Disinfection not offered
    2015-06-21 12:46:05.548    Disinfection failed [0xa0040208]
    2015-06-21 12:46:05.550    Error: cleanup failed.
    2015-06-21 12:46:05.615    Contents of SafeClean bin directory:
    2015-06-21 12:46:05.637    {
    2015-06-21 12:46:05.637        RecordID   : "0000000000000001",
    2015-06-21 12:46:05.637        ItemType   : "1",
    2015-06-21 12:46:05.637        Location   : "C:\Program Files (x86)\MultiTool V2\Bots\Digadz\",
    2015-06-21 12:46:05.638        FileName   : "Digadz_Holder.exe",
    2015-06-21 12:46:05.638        ThreatName : "Mal/Generic-S",
    2015-06-21 12:46:05.638        Checksum   : "13b729bd6c885ed9d28d616f79be151ebf8846e1683c291a711cf1dfe9af6cdc",
    2015-06-21 12:46:05.638        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 12:46:05.638    }
    2015-06-21 12:46:05.638    {
    2015-06-21 12:46:05.638        RecordID   : "0000000000000002",
    2015-06-21 12:46:05.638        ItemType   : "1",
    2015-06-21 12:46:05.638        Location   : "C:\Program Files (x86)\MultiTool V2\Data\",
    2015-06-21 12:46:05.638        FileName   : "CaptchaSolver.exe",
    2015-06-21 12:46:05.638        ThreatName : "Mal/Generic-S",
    2015-06-21 12:46:05.638        Checksum   : "d0af2f2c4cde55b472c152f167fa7fb601539a95ced76dc155ee95a161b1dda8",
    2015-06-21 12:46:05.638        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 12:46:05.638    }
    2015-06-21 12:46:06.670    Error level 0
    2015-06-21 12:47:05.629    
    ------------------------------------------------------------
    2015-06-21 12:47:25.529    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 12:47:25.529    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 12:47:25.529    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 12:47:25.529    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 12:47:25.530    Checking for updates...
    2015-06-21 12:47:28.170    Update progress: proxy server not available
    2015-06-21 12:47:33.225    Downloading updates...
    2015-06-21 12:47:33.226    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-06-21 12:47:33.227    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-06-21 12:47:33.227    Update progress: [I49502] Found supplement IDE516 LATEST
    2015-06-21 12:47:33.227    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-06-21 12:47:33.227    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-06-21 12:47:33.227    Update progress: [I19463] Syncing product SAVIW32 55
    2015-06-21 12:47:33.227    Update progress: [I19463] Syncing product IDE516 178
    2015-06-21 12:47:33.348    Update progress: [I19463] Syncing product IDE517 149
    2015-06-21 12:47:33.484    Installing updates...
    2015-06-21 12:48:04.077    Update successful
    2015-06-21 12:48:05.693    Option all = no
    2015-06-21 12:48:05.693    Option recurse = yes
    2015-06-21 12:48:05.693    Option archive = no
    2015-06-21 12:48:05.693    Option service = yes
    2015-06-21 12:48:05.693    Option confirm = yes
    2015-06-21 12:48:05.693    Option sxl = yes
    2015-06-21 12:48:05.694    Option max-data-age = 35
    2015-06-21 12:48:05.694    Option EnableSafeClean = yes
    2015-06-21 12:48:05.748    Option vdl-logging = yes
    2015-06-21 12:48:05.752    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 12:48:05.752    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 12:48:05.774    Component SVRTcli.exe version 2.5.4
    2015-06-21 12:48:05.774    Component control.dll version 2.5.4
    2015-06-21 12:48:05.774    Component SVRTservice.exe version 2.5.4
    2015-06-21 12:48:05.775    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 12:48:05.775    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 12:48:05.775    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 12:48:05.775    Component rkdisk.dll version 1.5.30.0
    2015-06-21 12:48:05.775    Version info:    Product version    2.5.4
    2015-06-21 12:48:05.776    Version info:    Detection engine    3.60.0
    2015-06-21 12:48:05.776    Version info:    Detection data    5.15G
    2015-06-21 12:48:05.776    Version info:    Build date    5/26/2015
    2015-06-21 12:48:05.776    Version info:    Data files added    322
    2015-06-21 12:48:05.776    Version info:    Last successful update    6/21/2015 8:48:04 AM
    2015-06-21 12:48:08.078    Error: an instance of this application is already running.
    2015-06-21 12:48:08.881    Error level 1
    2015-06-21 12:48:32.642    Scan failed due to fatal error.
    2015-06-21 12:48:32.643    
    ------------------------------------------------------------
    2015-06-21 12:48:38.323    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 12:48:38.323    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 12:48:38.323    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 12:48:38.323    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 12:48:38.325    Checking for updates...
    2015-06-21 12:48:40.919    Update progress: proxy server not available
    2015-06-21 12:48:42.022    Update not required
    2015-06-21 12:48:49.947    Option all = no
    2015-06-21 12:48:49.947    Option recurse = yes
    2015-06-21 12:48:49.948    Option archive = no
    2015-06-21 12:48:49.948    Option service = yes
    2015-06-21 12:48:49.948    Option confirm = yes
    2015-06-21 12:48:49.948    Option sxl = yes
    2015-06-21 12:48:49.950    Option max-data-age = 35
    2015-06-21 12:48:49.950    Option EnableSafeClean = yes
    2015-06-21 12:48:50.007    Option vdl-logging = yes
    2015-06-21 12:48:50.012    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 12:48:50.012    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 12:48:50.013    Component SVRTcli.exe version 2.5.4
    2015-06-21 12:48:50.013    Component control.dll version 2.5.4
    2015-06-21 12:48:50.013    Component SVRTservice.exe version 2.5.4
    2015-06-21 12:48:50.014    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 12:48:50.014    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 12:48:50.014    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 12:48:50.014    Component rkdisk.dll version 1.5.30.0
    2015-06-21 12:48:50.014    Version info:    Product version    2.5.4
    2015-06-21 12:48:50.015    Version info:    Detection engine    3.60.0
    2015-06-21 12:48:50.015    Version info:    Detection data    5.15G
    2015-06-21 12:48:50.015    Version info:    Build date    5/26/2015
    2015-06-21 12:48:50.015    Version info:    Data files added    323
    2015-06-21 12:48:50.015    Version info:    Last successful update    6/21/2015 8:48:04 AM
    2015-06-21 13:13:23.886    Could not open C:\hiberfil.sys
    2015-06-21 13:13:26.390    Could not open C:\pagefile.sys
    2015-06-21 13:25:16.856    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-06-21 13:25:16.856    Disinfection not offered
    2015-06-21 13:36:43.219    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 13:36:43.219    Could not open C:\System Volume Information\{5558105d-1652-11e5-9ccc-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 13:36:43.219    Could not open C:\System Volume Information\{dd52055a-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 13:36:43.220    Could not open C:\System Volume Information\{dd52055e-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 13:48:58.701    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-06-21 13:48:58.701    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-06-21 13:49:02.203    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-06-21 13:49:02.204    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-06-21 13:49:02.206    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-06-21 13:49:02.207    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-06-21 13:49:02.209    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-06-21 14:15:53.369    The following items will be cleaned up:
    2015-06-21 14:15:53.369    Mal/Scribble-D
    2015-06-21 14:28:11.813    >>> Virus 'Mal/Scribble-D' found in file C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
    2015-06-21 14:28:11.813    Disinfection not offered
    2015-06-21 14:28:11.813    Disinfection failed [0xa0040208]
    2015-06-21 14:28:11.815    Error: cleanup failed.
    2015-06-21 14:28:11.882    Contents of SafeClean bin directory:
    2015-06-21 14:28:11.904    {
    2015-06-21 14:28:11.904        RecordID   : "0000000000000001",
    2015-06-21 14:28:11.904        ItemType   : "1",
    2015-06-21 14:28:11.904        Location   : "C:\Program Files (x86)\MultiTool V2\Bots\Digadz\",
    2015-06-21 14:28:11.904        FileName   : "Digadz_Holder.exe",
    2015-06-21 14:28:11.904        ThreatName : "Mal/Generic-S",
    2015-06-21 14:28:11.904        Checksum   : "13b729bd6c885ed9d28d616f79be151ebf8846e1683c291a711cf1dfe9af6cdc",
    2015-06-21 14:28:11.904        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 14:28:11.904    }
    2015-06-21 14:28:11.904    {
    2015-06-21 14:28:11.904        RecordID   : "0000000000000002",
    2015-06-21 14:28:11.904        ItemType   : "1",
    2015-06-21 14:28:11.904        Location   : "C:\Program Files (x86)\MultiTool V2\Data\",
    2015-06-21 14:28:11.904        FileName   : "CaptchaSolver.exe",
    2015-06-21 14:28:11.904        ThreatName : "Mal/Generic-S",
    2015-06-21 14:28:11.904        Checksum   : "d0af2f2c4cde55b472c152f167fa7fb601539a95ced76dc155ee95a161b1dda8",
    2015-06-21 14:28:11.904        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 14:28:11.905    }
    2015-06-21 14:28:13.387    Error level 0
    2015-06-21 14:38:03.611    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 14:38:03.611    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 14:38:03.611    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 14:38:03.611    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 14:38:03.612    Checking for updates...
    2015-06-21 14:38:06.490    Update progress: proxy server not available
    2015-06-21 14:38:22.729    Downloading updates...
    2015-06-21 14:38:22.732    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-06-21 14:38:22.732    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-06-21 14:38:22.732    Update progress: [I49502] Found supplement IDE516 LATEST
    2015-06-21 14:38:22.732    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-06-21 14:38:22.733    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-06-21 14:38:22.733    Update progress: [I19463] Syncing product SAVIW32 55
    2015-06-21 14:38:22.733    Update progress: [I19463] Syncing product IDE516 178
    2015-06-21 14:38:22.895    Update progress: [I19463] Syncing product IDE517 150
    2015-06-21 14:38:22.981    Installing updates...
    2015-06-21 14:38:51.179    Option all = no
    2015-06-21 14:38:52.181    Option recurse = yes
    2015-06-21 14:38:52.181    Option archive = no
    2015-06-21 14:38:52.181    Option service = yes
    2015-06-21 14:38:52.181    Option confirm = yes
    2015-06-21 14:38:52.181    Option sxl = yes
    2015-06-21 14:38:52.181    Option max-data-age = 35
    2015-06-21 14:38:52.181    Option EnableSafeClean = yes
    2015-06-21 14:38:52.181    Option vdl-logging = yes
    2015-06-21 14:38:52.181    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 14:38:52.181    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 14:38:52.181    Component SVRTcli.exe version 2.5.4
    2015-06-21 14:38:52.182    Component control.dll version 2.5.4
    2015-06-21 14:38:52.182    Component SVRTservice.exe version 2.5.4
    2015-06-21 14:38:52.182    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 14:38:52.182    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 14:38:52.182    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 14:38:52.182    Component rkdisk.dll version 1.5.30.0
    2015-06-21 14:38:52.182    Version info:    Product version    2.5.4
    2015-06-21 14:38:52.182    Version info:    Detection engine    3.60.0
    2015-06-21 14:38:52.182    Version info:    Detection data    5.15G
    2015-06-21 14:38:52.182    Version info:    Build date    5/26/2015
    2015-06-21 14:38:52.182    Version info:    Data files added    323
    2015-06-21 14:38:52.183    Version info:    Last successful update    6/21/2015 8:48:04 AM
    2015-06-21 14:38:52.183    Error level 1
    2015-06-21 14:38:52.708    Update successful
    2015-06-21 14:39:06.891    Option all = no
    2015-06-21 14:39:06.891    Option recurse = yes
    2015-06-21 14:39:06.891    Option archive = no
    2015-06-21 14:39:06.892    Option service = yes
    2015-06-21 14:39:06.892    Option confirm = yes
    2015-06-21 14:39:06.892    Option sxl = yes
    2015-06-21 14:39:06.894    Option max-data-age = 35
    2015-06-21 14:39:06.894    Option EnableSafeClean = yes
    2015-06-21 14:39:06.961    Option vdl-logging = yes
    2015-06-21 14:39:06.974    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 14:39:06.974    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 14:39:06.977    Component SVRTcli.exe version 2.5.4
    2015-06-21 14:39:06.977    Component control.dll version 2.5.4
    2015-06-21 14:39:06.977    Component SVRTservice.exe version 2.5.4
    2015-06-21 14:39:06.977    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 14:39:06.977    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 14:39:06.977    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 14:39:06.978    Component rkdisk.dll version 1.5.30.0
    2015-06-21 14:39:06.978    Version info:    Product version    2.5.4
    2015-06-21 14:39:06.979    Version info:    Detection engine    3.60.0
    2015-06-21 14:39:06.979    Version info:    Detection data    5.15G
    2015-06-21 14:39:06.979    Version info:    Build date    5/26/2015
    2015-06-21 14:39:06.979    Version info:    Data files added    324
    2015-06-21 14:39:06.979    Version info:    Last successful update    6/21/2015 10:38:52 AM
    2015-06-21 15:01:56.088    Error level 1
    2015-06-21 15:01:56.092    Scan completed.
    2015-06-21 15:01:56.092    
    ------------------------------------------------------------
    2015-06-21 15:19:20.335    Sophos Virus Removal Tool version 2.5.4
    2015-06-21 15:19:20.335    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-06-21 15:19:20.335    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-06-21 15:19:20.335    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-06-21 15:19:20.335    Checking for updates...
    2015-06-21 15:19:23.268    Update progress: proxy server not available
    2015-06-21 15:19:24.937    Update not required
    2015-06-21 15:19:31.083    Option all = no
    2015-06-21 15:19:31.083    Option recurse = yes
    2015-06-21 15:19:31.083    Option archive = no
    2015-06-21 15:19:31.083    Option service = yes
    2015-06-21 15:19:31.083    Option confirm = yes
    2015-06-21 15:19:31.083    Option sxl = yes
    2015-06-21 15:19:31.083    Option max-data-age = 35
    2015-06-21 15:19:31.083    Option EnableSafeClean = yes
    2015-06-21 15:19:31.130    Option vdl-logging = yes
    2015-06-21 15:19:31.146    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-06-21 15:19:31.146    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-06-21 15:19:31.146    Component SVRTcli.exe version 2.5.4
    2015-06-21 15:19:31.146    Component control.dll version 2.5.4
    2015-06-21 15:19:31.146    Component SVRTservice.exe version 2.5.4
    2015-06-21 15:19:31.146    Component engine\osdp.dll version 1.44.1.2200
    2015-06-21 15:19:31.146    Component engine\veex.dll version 3.60.0.2200
    2015-06-21 15:19:31.146    Component engine\savi.dll version 8.1.7.2200
    2015-06-21 15:19:31.146    Component rkdisk.dll version 1.5.30.0
    2015-06-21 15:19:31.146    Version info:    Product version    2.5.4
    2015-06-21 15:19:31.146    Version info:    Detection engine    3.60.0
    2015-06-21 15:19:31.146    Version info:    Detection data    5.15G
    2015-06-21 15:19:31.146    Version info:    Build date    5/26/2015
    2015-06-21 15:19:31.146    Version info:    Data files added    324
    2015-06-21 15:19:31.146    Version info:    Last successful update    6/21/2015 10:38:52 AM
    2015-06-21 15:45:37.052    Could not open C:\hiberfil.sys
    2015-06-21 15:45:39.564    Could not open C:\pagefile.sys
    2015-06-21 16:11:01.664    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 16:11:01.665    Could not open C:\System Volume Information\{5558105d-1652-11e5-9ccc-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 16:11:01.665    Could not open C:\System Volume Information\{dd52055a-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 16:11:01.665    Could not open C:\System Volume Information\{dd52055e-17ba-11e5-a43f-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-06-21 16:25:46.047    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-06-21 16:25:46.116    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-06-21 16:25:49.729    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-06-21 16:25:49.744    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-06-21 16:25:49.745    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-06-21 16:25:49.746    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-06-21 16:25:49.748    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-06-21 16:53:51.231    Contents of SafeClean bin directory:
    2015-06-21 16:53:51.254    {
    2015-06-21 16:53:51.254        RecordID   : "0000000000000001",
    2015-06-21 16:53:51.254        ItemType   : "1",
    2015-06-21 16:53:51.254        Location   : "C:\Program Files (x86)\MultiTool V2\Bots\Digadz\",
    2015-06-21 16:53:51.254        FileName   : "Digadz_Holder.exe",
    2015-06-21 16:53:51.254        ThreatName : "Mal/Generic-S",
    2015-06-21 16:53:51.254        Checksum   : "13b729bd6c885ed9d28d616f79be151ebf8846e1683c291a711cf1dfe9af6cdc",
    2015-06-21 16:53:51.254        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 16:53:51.254    }
    2015-06-21 16:53:51.254    {
    2015-06-21 16:53:51.254        RecordID   : "0000000000000002",
    2015-06-21 16:53:51.254        ItemType   : "1",
    2015-06-21 16:53:51.254        Location   : "C:\Program Files (x86)\MultiTool V2\Data\",
    2015-06-21 16:53:51.254        FileName   : "CaptchaSolver.exe",
    2015-06-21 16:53:51.254        ThreatName : "Mal/Generic-S",
    2015-06-21 16:53:51.254        Checksum   : "d0af2f2c4cde55b472c152f167fa7fb601539a95ced76dc155ee95a161b1dda8",
    2015-06-21 16:53:51.254        TimeStamp  : "Sun Jun 21 01:07:04 2015"
    2015-06-21 16:53:51.254    }
    2015-06-21 16:53:51.913    Error level 0
    2015-06-21 17:03:33.352    Scan completed.
    2015-06-21 17:03:33.352    
    ------------------------------------------------------------
    2015-07-16 21:47:56.316    Sophos Virus Removal Tool version 2.5.4
    2015-07-16 21:47:56.316    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-07-16 21:47:56.316    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-07-16 21:47:56.316    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-07-16 21:47:56.316    Checking for updates...
    2015-07-16 21:47:59.109    Update progress: proxy server not available
    2015-07-16 21:48:31.307    Option all = no
    2015-07-16 21:48:31.307    Option recurse = yes
    2015-07-16 21:48:31.307    Option archive = no
    2015-07-16 21:48:31.307    Option service = yes
    2015-07-16 21:48:31.307    Option confirm = yes
    2015-07-16 21:48:31.307    Option sxl = yes
    2015-07-16 21:48:31.307    Option max-data-age = 35
    2015-07-16 21:48:31.307    Option EnableSafeClean = yes
    2015-07-16 21:48:31.448    Option vdl-logging = yes
    2015-07-16 21:48:31.448    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-07-16 21:48:31.448    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-07-16 21:48:31.479    Component SVRTcli.exe version 2.5.4
    2015-07-16 21:48:31.479    Component control.dll version 2.5.4
    2015-07-16 21:48:31.479    Component SVRTservice.exe version 2.5.4
    2015-07-16 21:48:31.479    Component engine\osdp.dll version 1.44.1.2200
    2015-07-16 21:48:31.479    Component engine\veex.dll version 3.60.0.2200
    2015-07-16 21:48:31.479    Component engine\savi.dll version 8.1.7.2200
    2015-07-16 21:48:31.494    Component rkdisk.dll version 1.5.30.0
    2015-07-16 21:48:31.494    Version info:    Product version    2.5.4
    2015-07-16 21:48:31.494    Version info:    Detection engine    3.60.0
    2015-07-16 21:48:31.494    Version info:    Detection data    5.15G
    2015-07-16 21:48:31.494    Version info:    Build date    5/26/2015
    2015-07-16 21:48:31.494    Version info:    Data files added    324
    2015-07-16 21:48:31.494    Version info:    Last successful update    6/21/2015 10:38:52 AM
    2015-07-16 21:49:59.246    Downloading updates...
    2015-07-16 21:49:59.246    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-07-16 21:49:59.246    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-07-16 21:49:59.246    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-07-16 21:49:59.246    Update progress: [I49502] Found supplement IDE518 LATEST
    2015-07-16 21:49:59.246    Update progress: [I49502] Found supplement IDE519 LATEST
    2015-07-16 21:49:59.246    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-07-16 21:49:59.246    Update progress: [I19463] Syncing product SAVIW32 56
    2015-07-16 21:53:00.786    Update progress: [E59264] Cannot locate server for http://d1.sophosupd.com/update/cfe6be7ac1845cc4080447b88c79f66ex000.dat
    2015-07-16 21:53:00.786    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-07-16 21:53:00.786    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-07-16 21:53:00.786    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-07-16 21:53:00.786    Update progress: [I49502] Found supplement IDE518 LATEST
    2015-07-16 21:53:00.786    Update progress: [I49502] Found supplement IDE519 LATEST
    2015-07-16 21:53:00.786    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-07-16 21:53:00.786    Update progress: [I19463] Syncing product SAVIW32 56
    2015-07-16 21:56:28.127    Update error: failed to synchronise product - http server exception (error 4)
    [E59264] Cannot locate server for http://d1.sophosupd.net/update/cfe6be7ac1845cc4080447b88c79f66ex000.dat
    2015-07-16 22:24:56.842    Error level 1
    2015-07-16 22:24:56.858    Scan completed.
    2015-07-16 22:24:56.858    
    ------------------------------------------------------------
    2015-07-22 04:48:28.315    Sophos Virus Removal Tool version 2.5.4
    2015-07-22 04:48:28.315    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-07-22 04:48:28.315    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-07-22 04:48:28.315    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-07-22 04:48:28.315    Checking for updates...
    2015-07-22 04:48:31.108    Update progress: proxy server not available
    2015-07-22 04:48:35.366    Downloading updates...
    2015-07-22 04:48:35.382    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-07-22 04:48:35.382    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-07-22 04:48:35.382    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-07-22 04:48:35.382    Update progress: [I49502] Found supplement IDE518 LATEST
    2015-07-22 04:48:35.382    Update progress: [I49502] Found supplement IDE519 LATEST
    2015-07-22 04:48:35.382    Update progress: [I49502] Found supplement IDE520 LATEST
    2015-07-22 04:48:35.382    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-07-22 04:48:35.382    Update progress: [I19463] Syncing product SAVIW32 56
    2015-07-22 04:48:37.129    Update progress: [I19463] Syncing product IDE517 162
    2015-07-22 04:48:42.464    Update progress: [I19463] Syncing product IDE518 171
    2015-07-22 04:48:50.732    Update progress: [I19463] Syncing product IDE519 14
    2015-07-22 04:48:52.168    Installing updates...
    2015-07-22 04:49:06.613    Option all = no
    2015-07-22 04:49:07.424    Option recurse = yes
    2015-07-22 04:49:07.424    Option archive = no
    2015-07-22 04:49:07.424    Option service = yes
    2015-07-22 04:49:07.424    Option confirm = yes
    2015-07-22 04:49:07.424    Option sxl = yes
    2015-07-22 04:49:07.424    Option max-data-age = 35
    2015-07-22 04:49:07.424    Option EnableSafeClean = yes
    2015-07-22 04:49:07.424    Option vdl-logging = yes
    2015-07-22 04:49:07.424    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-07-22 04:49:07.424    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-07-22 04:49:07.424    Component SVRTcli.exe version 2.5.4
    2015-07-22 04:49:07.424    Component control.dll version 2.5.4
    2015-07-22 04:49:07.424    Component SVRTservice.exe version 2.5.4
    2015-07-22 04:49:07.424    Component engine\osdp.dll version 1.44.1.2200
    2015-07-22 04:49:07.424    Component engine\veex.dll version 3.60.0.2200
    2015-07-22 04:49:07.424    Component engine\savi.dll version 8.1.7.2200
    2015-07-22 04:49:07.424    Component rkdisk.dll version 1.5.30.0
    2015-07-22 04:49:07.424    Version info:    Product version    2.5.4
    2015-07-22 04:49:07.424    Version info:    Detection engine    3.60.0
    2015-07-22 04:49:07.424    Version info:    Detection data    5.15G
    2015-07-22 04:49:07.424    Version info:    Build date    5/26/2015
    2015-07-22 04:49:07.424    Version info:    Data files added    324
    2015-07-22 04:49:07.424    Version info:    Last successful update    6/21/2015 10:38:52 AM
    2015-07-22 04:49:07.424    Error level 1
    2015-07-22 04:49:07.518    Update progress: [I19463] Syncing product IDE520 1
    2015-07-22 04:49:08.438    Update successful
    2015-07-22 04:49:18.844    Option all = no
    2015-07-22 04:49:18.844    Option recurse = yes
    2015-07-22 04:49:18.844    Option archive = no
    2015-07-22 04:49:18.844    Option service = yes
    2015-07-22 04:49:18.844    Option confirm = yes
    2015-07-22 04:49:18.844    Option sxl = yes
    2015-07-22 04:49:18.844    Option max-data-age = 35
    2015-07-22 04:49:18.844    Option EnableSafeClean = yes
    2015-07-22 04:49:18.906    Option vdl-logging = yes
    2015-07-22 04:49:18.906    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-07-22 04:49:18.906    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-07-22 04:49:18.906    Component SVRTcli.exe version 2.5.4
    2015-07-22 04:49:18.906    Component control.dll version 2.5.4
    2015-07-22 04:49:18.906    Component SVRTservice.exe version 2.5.4
    2015-07-22 04:49:18.906    Component engine\osdp.dll version 1.44.1.2200
    2015-07-22 04:49:18.906    Component engine\veex.dll version 3.60.0.2200
    2015-07-22 04:49:18.906    Component engine\savi.dll version 8.1.7.2200
    2015-07-22 04:49:18.906    Component rkdisk.dll version 1.5.30.0
    2015-07-22 04:49:18.906    Version info:    Product version    2.5.4
    2015-07-22 04:49:18.906    Version info:    Detection engine    3.60.0
    2015-07-22 04:49:18.906    Version info:    Detection data    5.16G
    2015-07-22 04:49:18.906    Version info:    Build date    6/23/2015
    2015-07-22 04:49:18.906    Version info:    Data files added    343
    2015-07-22 04:49:18.906    Version info:    Last successful update    7/22/2015 12:49:08 AM
    2015-07-22 05:22:08.186    Could not open C:\hiberfil.sys
    2015-07-22 05:22:11.731    Could not open C:\pagefile.sys
    2015-07-22 05:37:27.726    >>> Virus 'Mal/Generic-S' found in file C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\Buxvertise_Holder.exe
    2015-07-22 05:37:27.726    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 05:37:27.726    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 05:37:27.726    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 05:37:27.726    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 05:37:27.727    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:37:27.727    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:37:27.727    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:53:41.697    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-07-22 05:53:41.697    Could not open C:\System Volume Information\{42908faf-3016-11e5-b67b-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-07-22 05:58:06.698    >>> Virus 'Mal/Generic-S' found in file C:\Users\Dan\Desktop\Updater.exe
    2015-07-22 05:58:06.699    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 05:58:06.700    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 05:58:06.700    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 05:58:06.700    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 05:58:06.700    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:58:06.700    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:58:06.700    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:59:41.247    >>> Virus 'Mal/Generic-S' found in file C:\Users\Dan\Downloads\MultiTool V2.0.0.0\MultiTool V2\Data\CaptchaSolver.exe
    2015-07-22 05:59:41.247    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 05:59:41.247    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 05:59:41.247    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 05:59:41.247    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 05:59:41.248    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:59:41.248    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 05:59:41.248    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 06:09:44.321    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-07-22 06:09:44.321    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-07-22 06:09:51.163    Could not open C:\Windows\System32\config\components
    2015-07-22 06:09:51.200    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-07-22 06:09:51.213    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-07-22 06:09:51.215    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-07-22 06:09:51.217    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-07-22 06:09:51.219    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-07-22 06:39:29.153    The following items will be cleaned up:
    2015-07-22 06:39:29.153    Mal/Generic-S
    2015-07-22 16:44:46.922    Sophos Virus Removal Tool version 2.5.4
    2015-07-22 16:44:46.922    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2015-07-22 16:44:46.922    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2015-07-22 16:44:46.922    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-07-22 16:44:46.925    Checking for updates...
    2015-07-22 16:44:49.711    Update progress: proxy server not available
    2015-07-22 16:45:24.139    Downloading updates...
    2015-07-22 16:45:24.156    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-07-22 16:45:24.156    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-07-22 16:45:24.156    Update progress: [I49502] Found supplement IDE517 LATEST
    2015-07-22 16:45:24.156    Update progress: [I49502] Found supplement IDE518 LATEST
    2015-07-22 16:45:24.156    Update progress: [I49502] Found supplement IDE519 LATEST
    2015-07-22 16:45:24.156    Update progress: [I49502] Found supplement IDE520 LATEST
    2015-07-22 16:45:24.156    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-07-22 16:45:24.156    Update progress: [I19463] Syncing product SAVIW32 56
    2015-07-22 16:45:24.156    Update progress: [I19463] Syncing product IDE517 162
    2015-07-22 16:45:24.388    Update progress: [I19463] Syncing product IDE518 171
    2015-07-22 16:45:24.388    Update progress: [I19463] Syncing product IDE519 17
    2015-07-22 16:45:24.698    Installing updates...
    2015-07-22 16:45:31.147    Option all = no
    2015-07-22 16:45:32.148    Option recurse = yes
    2015-07-22 16:45:32.148    Option archive = no
    2015-07-22 16:45:32.148    Option service = yes
    2015-07-22 16:45:32.148    Option confirm = yes
    2015-07-22 16:45:32.148    Option sxl = yes
    2015-07-22 16:45:32.148    Option max-data-age = 35
    2015-07-22 16:45:32.148    Option EnableSafeClean = yes
    2015-07-22 16:45:32.148    Option vdl-logging = yes
    2015-07-22 16:45:32.148    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-07-22 16:45:32.148    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-07-22 16:45:32.148    Component SVRTcli.exe version 2.5.4
    2015-07-22 16:45:32.148    Component control.dll version 2.5.4
    2015-07-22 16:45:32.149    Component SVRTservice.exe version 2.5.4
    2015-07-22 16:45:32.149    Component engine\osdp.dll version 1.44.1.2200
    2015-07-22 16:45:32.149    Component engine\veex.dll version 3.60.0.2200
    2015-07-22 16:45:32.149    Component engine\savi.dll version 8.1.7.2200
    2015-07-22 16:45:32.149    Component rkdisk.dll version 1.5.30.0
    2015-07-22 16:45:32.149    Version info:    Product version    2.5.4
    2015-07-22 16:45:32.149    Version info:    Detection engine    3.60.0
    2015-07-22 16:45:32.149    Version info:    Detection data    5.16G
    2015-07-22 16:45:32.149    Version info:    Build date    6/23/2015
    2015-07-22 16:45:32.149    Version info:    Data files added    343
    2015-07-22 16:45:32.149    Version info:    Last successful update    7/22/2015 12:49:08 AM
    2015-07-22 16:45:32.149    Error level 1
    2015-07-22 16:45:32.486    Update progress: [I19463] Syncing product IDE520 1
    2015-07-22 16:45:32.537    Update successful
    2015-07-22 16:45:45.826    Option all = no
    2015-07-22 16:45:45.826    Option recurse = yes
    2015-07-22 16:45:45.826    Option archive = no
    2015-07-22 16:45:45.826    Option service = yes
    2015-07-22 16:45:45.826    Option confirm = yes
    2015-07-22 16:45:45.827    Option sxl = yes
    2015-07-22 16:45:45.828    Option max-data-age = 35
    2015-07-22 16:45:45.828    Option EnableSafeClean = yes
    2015-07-22 16:45:45.886    Option vdl-logging = yes
    2015-07-22 16:45:45.891    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2015-07-22 16:45:45.891    Machine ID:    e459127c6d6b412795fe86810d6fc237
    2015-07-22 16:45:45.892    Component SVRTcli.exe version 2.5.4
    2015-07-22 16:45:45.892    Component control.dll version 2.5.4
    2015-07-22 16:45:45.893    Component SVRTservice.exe version 2.5.4
    2015-07-22 16:45:45.893    Component engine\osdp.dll version 1.44.1.2200
    2015-07-22 16:45:45.893    Component engine\veex.dll version 3.60.0.2200
    2015-07-22 16:45:45.893    Component engine\savi.dll version 8.1.7.2200
    2015-07-22 16:45:45.893    Component rkdisk.dll version 1.5.30.0
    2015-07-22 16:45:45.893    Version info:    Product version    2.5.4
    2015-07-22 16:45:45.894    Version info:    Detection engine    3.60.0
    2015-07-22 16:45:45.894    Version info:    Detection data    5.16G
    2015-07-22 16:45:45.894    Version info:    Build date    6/23/2015
    2015-07-22 16:45:45.894    Version info:    Data files added    346
    2015-07-22 16:45:45.894    Version info:    Last successful update    7/22/2015 12:45:32 PM
    2015-07-22 17:21:40.128    Could not open C:\hiberfil.sys
    2015-07-22 17:21:43.726    Could not open C:\pagefile.sys
    2015-07-22 17:35:48.375    >>> Virus 'Mal/Generic-S' found in file C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\Buxvertise_Holder.exe
    2015-07-22 17:35:48.377    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 17:35:48.377    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 17:35:48.377    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 17:35:48.378    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 17:35:48.380    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 17:35:48.381    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 17:35:48.386    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 17:53:14.568    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-07-22 17:53:14.569    Could not open C:\System Volume Information\{42908faf-3016-11e5-b67b-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-07-22 17:53:14.569    Could not open C:\System Volume Information\{42908fce-3016-11e5-b67b-00266c41f5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-07-22 17:58:51.168    >>> Virus 'Mal/Generic-S' found in file C:\Users\Dan\Desktop\Updater.exe
    2015-07-22 17:58:51.169    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 17:58:51.169    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 17:58:51.170    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 17:58:51.170    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 17:58:51.170    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 17:58:51.173    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 17:58:51.174    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 18:00:27.122    >>> Virus 'Mal/Generic-S' found in file C:\Users\Dan\Downloads\MultiTool V2.0.0.0\MultiTool V2\Data\CaptchaSolver.exe
    2015-07-22 18:00:27.123    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 18:00:27.123    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-07-22 18:00:27.123    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 18:00:27.123    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-07-22 18:00:27.124    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 18:00:27.124    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 18:00:27.125    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-07-22 18:10:00.038    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-07-22 18:10:00.039    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-07-22 18:10:05.579    Could not open C:\Windows\System32\config\components
    2015-07-22 18:10:05.617    Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-07-22 18:10:05.619    Could not open C:\Windows\System32\config\RegBack\SAM
    2015-07-22 18:10:05.622    Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-07-22 18:10:05.624    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-07-22 18:10:05.625    Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-07-22 18:50:44.824    The following items will be cleaned up:
    2015-07-22 18:50:44.824    Mal/Generic-S
     
  3. ProblemsRBad added a post in a topic [RESOLVED] My Win 7 laptop having issues   

    OK, here is the log:
     
    Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
    Ran by Dan at 2015-07-20 08:21:23 Run:1
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Hosts:
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    *****************
    C:\windows\SysWOW64\GroupPolicy\Machine => moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => moved successfully.
    C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    Hosts restored successfully.
    gupdate => Service removed successfully
    gupdatem => Service removed successfully
    "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully

    The system needed a reboot..
    ==== End of Fixlog 08:21:23 ====
  4. ProblemsRBad added a post in a topic [RESOLVED] My Win 7 laptop having issues   

    OK, here are the logs:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
    Ran by Dan (administrator) on DAN-PC on 19-07-2015 20:21:55
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Video\LogiTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Video\FxSvr2.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [LogitechVideoRepair] => C:\Program Files (x86)\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
    HKLM-x32\...\Run: [LogitechVideoTray] => C:\Program Files (x86)\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-04-09] (Siber Systems)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [LogitechSoftwareUpdate] => C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9726760 2015-06-08] (Visicom Media Inc.)
    ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2014-11-20] (SmartSoft Ltd.)
    GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {88B1022D-34D8-49BE-8A5B-535422D035A1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> {B1D1EC45-E08F-4184-8807-C75BE7B98131} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {1B67FD76-466C-4AB1-96F2-EDEEACB2E436} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2015-03-26] ()
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2015-03-26] ()
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-09] (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-09] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E9A8016C-DB52-4631-8397-50AFC0C28F43}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{ED3FCD13-558F-4CF5-B88E-39B9B954072B}: [DhcpNameServer] 10.3.0.1
    Tcpip\..\Interfaces\{F4FE6A86-0552-4606-866B-4D5D78C5FEE8}: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790
    FF Homepage: google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-04-09] (Siber Systems Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Extension: iMacros for Firefox - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-29]
    FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-04-09]
    FF HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-04]
    CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
    CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-04]
    CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-04]
    CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-04]
    CHR Extension: (Google Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-04]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-06-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-04]
    CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2015-06-04]
    CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-04]
    CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
    Opera:
    =======
    OPR Extension: (2048 AI - bitcoin) - C:\Users\Dan\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-04-04]
    OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2015-04-09]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1035768 2015-07-14] (Camshare Inc.)
    S4 fbdpinger; c:\Program Files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [322416 2009-09-15] (Toshiba America Information Systems)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
    R2 GoogleSitemapGenerator; C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe [704512 2009-12-31] (Google Inc.) [File not signed]
    S4 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [804640 2015-03-13] (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730)
    R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-07-04] (tzuk)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S4 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [297344 2009-08-13] ()
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
    R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-15] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-19] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [139880 2010-07-04] (tzuk)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-17] ()
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-19 20:21 - 2015-07-19 20:21 - 00000000 ____D C:\Users\Dan\Desktop\FRST-OlderVersion
    2015-07-19 14:14 - 2015-07-19 14:14 - 00000012 _____ C:\Users\Dan\Desktop\interserver password.txt
    2015-07-19 12:12 - 2015-07-19 12:23 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
    2015-07-18 22:41 - 2015-07-19 20:21 - 00000000 ____D C:\Users\Dan\AppData\Local\ManyCam
    2015-07-18 22:40 - 2015-07-18 22:42 - 00000000 ____D C:\ProgramData\ManyCam
    2015-07-18 22:40 - 2015-07-18 22:40 - 00000990 _____ C:\Users\Public\Desktop\ManyCam.lnk
    2015-07-18 22:40 - 2015-07-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
    2015-07-18 21:14 - 2015-07-18 21:14 - 00295960 _____ (Visicom Media inc.) C:\Users\Dan\Downloads\ManyCamWebInstaller(2).exe
    2015-07-18 20:48 - 2015-07-18 20:48 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashRpt
    2015-07-18 20:14 - 2015-07-18 20:14 - 00030444 _____ C:\ComboFix.txt
    2015-07-18 19:42 - 2015-07-18 20:15 - 00000000 ____D C:\Qoobox
    2015-07-18 19:42 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
    2015-07-18 19:42 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
    2015-07-18 19:42 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2015-07-18 19:42 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2015-07-18 19:42 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2015-07-18 19:42 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
    2015-07-18 19:42 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
    2015-07-18 19:42 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
    2015-07-18 19:40 - 2015-07-18 19:40 - 05633411 ____R (Swearware) C:\Users\Dan\Desktop\ComboFix.exe
    2015-07-18 19:29 - 2015-07-18 19:29 - 00000000 ____D C:\ProgramData\GeoComply
    2015-07-18 16:26 - 2015-07-18 16:27 - 00001131 _____ C:\Users\Dan\Desktop\JRT.txt
    2015-07-18 16:18 - 2015-07-18 16:18 - 00001551 _____ C:\Users\Dan\Desktop\AdwCleaner[S1].txt
    2015-07-17 16:19 - 2015-07-17 16:19 - 00242712 _____ C:\Users\Dan\Downloads\Firefox Setup Stub 39.0.exe
    2015-07-17 15:51 - 2015-07-17 15:51 - 00003148 _____ C:\windows\System32\Tasks\{69747253-5E66-4A83-9329-DA7A058E0BA1}
    2015-07-17 15:50 - 2015-07-17 15:50 - 00000000 ____D C:\windows\DEA314C409294250BC9298E4C105F28D.TMP
    2015-07-17 15:47 - 2015-07-17 15:47 - 00002561 _____ C:\Users\Dan\Desktop\rkill.txt
    2015-07-17 15:32 - 2015-07-17 15:37 - 123017552 _____ C:\Users\Dan\Downloads\TCA0027600J_os2010160b_64(1).exe
    2015-07-17 15:07 - 2015-07-17 15:07 - 02248704 _____ C:\Users\Dan\Desktop\adwcleaner_4.208.exe
    2015-07-17 15:06 - 2015-07-17 15:07 - 18070088 _____ C:\Users\Dan\Desktop\RogueKiller.exe
    2015-07-17 14:58 - 2015-07-17 14:59 - 00048930 _____ C:\Users\Dan\Desktop\Addition.txt
    2015-07-17 14:57 - 2015-07-19 20:24 - 00022595 _____ C:\Users\Dan\Desktop\FRST.txt
    2015-07-17 14:55 - 2015-07-19 20:22 - 00000000 ____D C:\FRST
    2015-07-17 14:51 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-07-17 14:51 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-07-17 14:51 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2015-07-17 14:51 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-07-17 14:51 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-07-17 14:51 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2015-07-17 14:51 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2015-07-17 14:51 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
    2015-07-17 14:51 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
    2015-07-17 14:50 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
    2015-07-17 14:50 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
    2015-07-17 14:50 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-07-17 14:50 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2015-07-17 14:50 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-07-17 14:50 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-07-17 14:50 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2015-07-17 14:50 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2015-07-17 14:50 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-07-17 14:50 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-07-17 14:50 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-07-17 14:50 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-07-17 14:50 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-07-17 14:50 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-07-17 14:50 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-07-17 14:50 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2015-07-17 14:50 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2015-07-17 14:50 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2015-07-17 14:50 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-07-17 14:50 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-07-17 14:50 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2015-07-17 14:50 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2015-07-17 14:50 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2015-07-17 14:50 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2015-07-17 14:50 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-07-17 14:50 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2015-07-17 14:50 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2015-07-17 14:50 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2015-07-17 14:50 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2015-07-17 14:50 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2015-07-17 14:50 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2015-07-17 14:50 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-07-17 14:50 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-07-17 14:50 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-07-17 14:50 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-07-17 14:50 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-07-17 14:50 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2015-07-17 14:50 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-07-17 14:50 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-07-17 14:50 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-07-17 14:50 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2015-07-17 14:50 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-07-17 14:50 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2015-07-17 14:50 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2015-07-17 14:50 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2015-07-17 14:50 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2015-07-17 14:50 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-07-17 14:50 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2015-07-17 14:50 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2015-07-17 14:50 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-07-17 14:50 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2015-07-17 14:50 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2015-07-17 14:50 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2015-07-17 14:50 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-07-17 14:50 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-07-17 14:50 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2015-07-17 14:50 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-07-17 14:50 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-07-17 14:49 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2015-07-17 14:49 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2015-07-17 14:49 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2015-07-17 14:49 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2015-07-17 14:49 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2015-07-17 14:49 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2015-07-17 14:49 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2015-07-17 14:49 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2015-07-17 14:49 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2015-07-17 14:49 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2015-07-17 14:49 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2015-07-17 14:49 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2015-07-17 14:49 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2015-07-17 14:49 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2015-07-17 14:49 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
    2015-07-17 14:49 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
    2015-07-17 14:49 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2015-07-17 14:49 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2015-07-17 14:49 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2015-07-17 14:49 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2015-07-17 14:49 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2015-07-17 14:49 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2015-07-17 14:49 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2015-07-17 14:49 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2015-07-17 14:49 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2015-07-17 14:49 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2015-07-17 14:49 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
    2015-07-17 14:49 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2015-07-17 14:49 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2015-07-17 14:49 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2015-07-17 14:49 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
    2015-07-17 14:49 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
    2015-07-17 14:49 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
    2015-07-17 14:47 - 2015-07-19 20:21 - 02134528 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
    2015-07-17 14:46 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
    2015-07-17 14:46 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
    2015-07-17 14:46 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
    2015-07-17 14:46 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
    2015-07-17 14:46 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
    2015-07-17 14:46 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
    2015-07-17 14:46 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
    2015-07-17 14:46 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
    2015-07-17 14:46 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
    2015-07-17 14:46 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
    2015-07-17 13:37 - 2015-07-17 13:40 - 00000000 ____D C:\Users\Dan\AppData\Local\CyberGhost
    2015-07-17 13:36 - 2015-07-17 14:08 - 00000000 ____D C:\Program Files\CyberGhost 5
    2015-07-06 10:43 - 2015-07-06 06:35 - 02953457 _____ (Malwarebytes Corporation) C:\Users\Dan\Desktop\JRT.exe
    2015-07-06 08:25 - 2015-01-29 13:21 - 00061712 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
    2015-07-02 11:06 - 2015-07-02 11:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.1.8.1057.exe
    2015-07-01 20:51 - 2015-07-01 20:51 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Verizon Wireless
    2015-07-01 20:48 - 2015-07-01 20:48 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
    2015-07-01 20:48 - 2015-07-01 20:48 - 00001259 _____ C:\Users\Public\Desktop\VZAccess Manager.lnk
    2015-07-01 20:48 - 2015-07-01 20:48 - 00000000 ____D C:\ProgramData\WEngineLite
    2015-07-01 20:48 - 2015-07-01 20:48 - 00000000 ____D C:\ProgramData\Verizon Wireless
    2015-07-01 20:46 - 2015-07-01 20:48 - 00000000 ____D C:\Program Files (x86)\Verizon Wireless
    2015-07-01 20:46 - 2015-07-01 20:46 - 00002635 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Wireless MiFi-2200 Firmware Updates.lnk
    2015-07-01 20:29 - 2015-07-01 20:29 - 00000000 ____D C:\Program Files (x86)\Novatel Wireless
    2015-06-30 11:02 - 2015-06-30 11:02 - 00262144 _____ C:\windows\Minidump\063015-24694-01.dmp
    2015-06-29 08:22 - 2015-06-29 08:22 - 00697408 _____ C:\Users\Dan\Downloads\odysseusOTA-v1.0.1.zip
    2015-06-29 08:22 - 2015-06-29 08:22 - 00000000 ____D C:\Users\Dan\Downloads\odysseusOTA-v1.0.1
    2015-06-28 18:54 - 2015-06-28 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\iMobie_Inc
    2015-06-28 18:53 - 2015-06-28 18:53 - 00001185 _____ C:\Users\Public\Desktop\AnyTrans.lnk
    2015-06-28 18:52 - 2015-06-28 18:52 - 15016920 _____ (iMobie Inc. ) C:\Users\Dan\Downloads\anytrans-setup.exe
    2015-06-28 18:47 - 2015-06-28 18:54 - 00000000 ____D C:\Users\Dan\AppData\Roaming\iMobie
    2015-06-28 18:47 - 2015-06-28 18:47 - 00000000 ____D C:\Users\Dan\AppData\Local\iMobie_PhoneRescue
    2015-06-28 18:46 - 2015-06-28 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
    2015-06-28 18:46 - 2015-06-28 18:53 - 00000000 ____D C:\Program Files (x86)\iMobie
    2015-06-28 18:46 - 2015-06-28 18:46 - 00001227 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
    2015-06-28 18:45 - 2015-06-28 18:45 - 04017112 _____ (iMobie Inc. ) C:\Users\Dan\Downloads\phonerescue-64-setup.exe
    2015-06-28 18:37 - 2015-06-28 18:38 - 00000000 ____D C:\Users\Dan\Downloads\R4z3r's Activator v1.0.1
    2015-06-28 18:36 - 2015-06-28 18:37 - 47022199 _____ C:\Users\Dan\Downloads\R4z3r's Activator v1.0.1.zip
    2015-06-28 16:11 - 2015-06-28 16:11 - 00001179 _____ C:\Users\Dan\Desktop\Tenorshare iPad Data Recovery.lnk
    2015-06-28 16:11 - 2015-06-28 16:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare iPad Data Recovery
    2015-06-28 16:11 - 2015-06-28 16:11 - 00000000 ____D C:\Program Files (x86)\Tenorshare iPad Data Recovery
    2015-06-28 16:09 - 2015-06-28 16:09 - 13805304 _____ C:\Users\Dan\Downloads\TenorshareiPadDataRecoverytrial147.exe
    2015-06-28 10:58 - 2015-06-28 21:20 - 00000000 ____D C:\Users\Dan\Desktop\new ibypass
    2015-06-28 10:38 - 2015-06-28 10:38 - 00604625 _____ C:\Users\Dan\Downloads\SurveyBypassTools.zip
    2015-06-28 10:38 - 2015-06-28 10:38 - 00000000 ____D C:\Users\Dan\Downloads\SurveyBypassTools
    2015-06-26 13:23 - 2015-06-26 13:23 - 00000000 ____D C:\Users\Dan\Downloads\iCL0udin_icloud_bypass_v1.0(2)
    2015-06-26 13:18 - 2015-06-26 13:19 - 00446555 _____ C:\Users\Dan\Downloads\iCL0udin_icloud_bypass_v1.0(2).zip
    2015-06-23 18:15 - 2015-06-23 18:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.1.6.1022.exe
    2015-06-23 18:15 - 2015-06-23 18:15 - 03020968 _____ (Malwarebytes ) C:\Users\Dan\Downloads\mbae-setup-1.06.1.1019.exe
    2015-06-23 18:07 - 2015-06-23 18:07 - 00000151 _____ C:\Users\Dan\Desktop\malwarebytes keys.txt
    2015-06-23 03:23 - 2015-07-17 22:16 - 00001202 _____ C:\Users\Dan\Desktop\MultiTool V2.lnk
    2015-06-23 00:39 - 2015-07-18 22:45 - 00000000 ____D C:\Program Files (x86)\ManyCam
    2015-06-23 00:39 - 2015-06-23 00:39 - 00000000 ____D C:\Users\Dan\AppData\Roaming\ManyCam
    2015-06-22 22:28 - 2015-06-22 23:55 - 00000000 ____D C:\Program Files (x86)\MultiTool V2
    2015-06-22 22:27 - 2015-06-22 22:27 - 00280064 _____ C:\Users\Dan\Desktop\Updater.exe
    2015-06-22 21:57 - 2015-06-22 21:57 - 00000000 ____D C:\RegBackup
    2015-06-22 15:41 - 2015-06-21 19:39 - 02950454 _____ (Thisisu) C:\Users\Dan\Desktop\JRT_NEW.exe
    2015-06-22 15:14 - 2015-07-18 15:32 - 00000000 ____D C:\AdwCleaner
    2015-06-21 14:17 - 2015-06-21 14:17 - 00000000 ____D C:\Users\Dan\Downloads\MBAE Patch + RegKeys+ Setup
    2015-06-21 14:03 - 2015-06-21 14:03 - 01582824 _____ C:\Users\Dan\Desktop\PANDAAP15.exe
    2015-06-21 13:58 - 2015-06-21 13:58 - 00000000 ____D C:\Program Files (x86)\Search by Image by
    2015-06-20 22:53 - 2015-06-20 22:53 - 00295960 _____ (Visicom Media inc.) C:\Users\Dan\Downloads\ManyCamWebInstaller(1).exe
    2015-06-20 22:42 - 2015-06-20 22:42 - 00002777 _____ C:\Users\Dan\Desktop\Sophos Virus Removal Tool.lnk
    2015-06-20 22:42 - 2015-06-20 22:42 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2015-06-20 22:42 - 2015-06-20 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2015-06-20 22:42 - 2015-06-20 22:42 - 00000000 ____D C:\Program Files (x86)\Sophos
    2015-06-20 21:48 - 2015-06-20 21:48 - 124217352 _____ (Sophos Limited) C:\Users\Dan\Desktop\Sophos Virus Removal Tool.exe
    2015-06-20 11:39 - 2015-06-20 11:39 - 00000000 ____D C:\Users\Dan\Desktop\text docs
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-19 20:23 - 2014-10-10 20:57 - 01519579 _____ C:\windows\WindowsUpdate.log
    2015-07-19 20:22 - 2014-12-01 09:09 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-19 20:21 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-19 20:21 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-19 20:20 - 2014-10-12 19:33 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Bitcoin
    2015-07-19 20:17 - 2015-04-04 10:51 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-07-19 20:13 - 2015-05-30 17:24 - 00000433 _____ C:\windows\system32\Drivers\etc\hosts.ics
    2015-07-19 20:11 - 2014-12-02 01:21 - 00067142 _____ C:\windows\setupact.log
    2015-07-19 20:11 - 2009-12-12 02:43 - 00297714 _____ C:\windows\PFRO.log
    2015-07-19 20:11 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-07-19 17:44 - 2015-05-14 23:22 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job
    2015-07-19 17:33 - 2015-03-30 20:51 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-07-19 14:44 - 2015-05-14 23:22 - 00000848 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job
    2015-07-19 14:24 - 2015-04-22 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2015-07-19 12:24 - 2014-10-12 19:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Azureus
    2015-07-18 23:49 - 2014-10-25 23:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\DAoC Portal
    2015-07-18 23:48 - 2015-02-28 14:32 - 00000000 ____D C:\Program Files (x86)\betternet
    2015-07-18 23:42 - 2014-11-05 01:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
    2015-07-18 22:46 - 2014-10-14 23:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Camfrog
    2015-07-18 20:00 - 2009-07-13 22:34 - 00000215 _____ C:\windows\system.ini
    2015-07-18 19:34 - 2015-02-18 01:32 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2015-07-18 16:19 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
    2015-07-18 16:18 - 2014-11-13 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
    2015-07-18 14:33 - 2015-03-30 20:51 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-07-18 14:33 - 2015-03-30 20:51 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-18 14:33 - 2015-03-30 20:51 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-18 01:21 - 2014-11-04 15:24 - 00003490 _____ C:\windows\Sandboxie.ini
    2015-07-18 00:26 - 2014-10-14 23:11 - 00000000 ____D C:\ProgramData\Camfrog Update
    2015-07-17 17:41 - 2015-05-24 20:36 - 00000000 ____D C:\Program Files (x86)\Java
    2015-07-17 17:40 - 2015-05-24 20:37 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-07-17 16:18 - 2009-07-14 01:13 - 00824886 _____ C:\windows\system32\PerfStringBackup.INI
    2015-07-17 16:13 - 2009-07-14 00:45 - 00407720 _____ C:\windows\system32\FNTCACHE.DAT
    2015-07-17 16:09 - 2014-10-10 21:01 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-07-17 16:03 - 2014-10-10 19:48 - 00000000 ____D C:\windows\system32\MRT
    2015-07-17 15:55 - 2015-02-10 14:51 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-07-17 15:16 - 2015-02-03 01:40 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
    2015-07-17 14:38 - 2015-05-14 23:22 - 00003870 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA
    2015-07-17 14:38 - 2015-05-14 23:22 - 00003474 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core
    2015-07-17 14:27 - 2014-10-10 17:53 - 00000000 ____D C:\Users\Dan
    2015-07-17 14:14 - 2009-07-13 23:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-07-17 14:09 - 2015-02-24 21:13 - 00000000 ____D C:\Users\DefaultAppPool
    2015-07-17 14:09 - 2014-10-10 22:01 - 00000000 ____D C:\windows\system32\Macromed
    2015-07-17 14:09 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
    2015-07-17 14:08 - 2014-10-25 23:35 - 00000000 ____D C:\Program Files (x86)\DAoC Portal
    2015-07-17 14:08 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
    2015-07-17 14:08 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2015-07-17 14:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
    2015-07-06 15:05 - 2014-11-28 08:42 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
    2015-07-06 15:05 - 2014-11-28 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
    2015-07-05 23:00 - 2014-12-03 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-07-05 22:59 - 2014-11-05 01:36 - 00000000 ____D C:\ProgramData\Skype
    2015-07-03 08:43 - 2014-10-10 19:48 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-07-01 20:28 - 2015-05-15 14:33 - 00000000 ____D C:\Users\Dan\AppData\Local\Downloaded Installations
    2015-06-30 11:02 - 2014-12-03 15:54 - 463113392 _____ C:\windows\MEMORY.DMP
    2015-06-30 11:02 - 2014-10-18 01:52 - 00000000 ____D C:\windows\Minidump
    2015-06-28 22:11 - 2014-10-10 22:00 - 00000000 ____D C:\Users\Dan\AppData\Local\Adobe
    2015-06-28 21:30 - 2015-02-11 01:31 - 00000000 ____D C:\Users\Dan\AppData\Local\pangu
    2015-06-28 18:08 - 2009-07-13 22:34 - 00000088 _____ C:\windows\system32\Drivers\etc\hosts.bkup
    2015-06-27 20:00 - 2014-11-22 10:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Dogecoin
    2015-06-25 14:48 - 2015-04-04 10:51 - 00003826 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1428159094
    2015-06-24 14:45 - 2014-12-01 09:09 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-24 14:45 - 2014-12-01 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-24 14:45 - 2014-12-01 09:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-23 18:03 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-06-23 13:30 - 2014-10-10 18:55 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2015-06-22 21:53 - 2014-10-10 18:28 - 00000000 ____D C:\Program Installers
    2015-06-21 22:20 - 2015-02-04 22:30 - 00001890 _____ C:\DelFix.txt
    2015-06-21 11:12 - 2014-10-10 23:41 - 00000000 ____D C:\Users\Dan\Documents\Electronic Arts
    2015-06-21 11:10 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-06-21 10:32 - 2014-10-10 17:55 - 00000000 ____D C:\Users\Dan\AppData\Local\VirtualStore
    2015-06-20 23:04 - 2015-03-10 00:40 - 00000000 ____D C:\Users\Dan\Downloads\DoulCi activator
    2015-06-20 22:47 - 2015-02-04 21:16 - 00000000 ____D C:\ProgramData\Sophos
    2015-06-20 12:34 - 2015-02-03 01:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-20 12:01 - 2009-07-13 23:20 - 00000000 ____D C:\windows\L2Schemas
    2015-06-20 11:21 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
    2015-06-20 09:48 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-06-19 10:49 - 2009-07-14 01:08 - 00032630 _____ C:\windows\Tasks\SCHEDLGU.TXT
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-07-15 22:16
    ==================== End of log ============================
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
    Ran by Dan at 2015-07-19 20:25:20
    Running from C:\Users\Dan\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-3476291681-2796092440-1313146854-500 - Administrator - Disabled)
    Dan (S-1-5-21-3476291681-2796092440-1313146854-1000 - Administrator - Enabled) => C:\Users\Dan
    Guest (S-1-5-21-3476291681-2796092440-1313146854-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3476291681-2796092440-1313146854-1004 - Limited - Enabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Panda Antivirus Pro 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AS: Panda Antivirus Pro 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.6.1730 - Open Media LLC)
    Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    AnalogX Proxy (HKLM-x32\...\AnalogX Proxy_is1) (Version: 4.15 - AnalogX, LLC)
    AnyTrans 4.5.0 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.5.0 - iMobie Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
    Betternet (HKLM-x32\...\Betternet) (Version:  - )
    Bitcoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Bitcoin Core (64-bit)) (Version: 0.10.2 - Bitcoin Core project)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.492 - Camshare, Inc.)
    Coinbot (HKLM-x32\...\Coinbot_is1) (Version:  - )
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Dogecoin Core (32-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Dogecoin Core (32-bit)) (Version: 1.8.0 - Dogecoin project)
    Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
    Dragon's Tale (HKLM-x32\...\Dragon's Tale) (Version: 1.00 - eGenesis)
    DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    Eyeball Chat (HKLM-x32\...\{FDE9FAF8-E1EA-4EBC-A10C-A730F45C7258}) (Version: 58.26.1 - Eyeball Networks)
    Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.0.0 - Telerik)
    Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
    Foundstone Hash Calculator (Fiddler Extension) (HKLM-x32\...\{D206D869-2C99-4E36-8B87-7BDEC994999D}) (Version: 1.0.0 - Foundstone Inc., A Division Of McAfee)
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
    Free FLV to MP4 Converter version 1.0 (HKLM-x32\...\{74054B18-A989-49D4-A34A-5DC405F99983}_is1) (Version: 1.0 - )
    GadgetWide Cloud Control Service (HKLM-x32\...\{6147344A-2A3D-4CE0-9F09-E99CE1C45573}) (Version: 1.2.0.6 - GadgetWide)
    Genesis version Genesis Launcher 1.009 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.009 - Pawel D. alias Laplume for Genesis.)
    Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Grand Theft Auto V v.1.0.333.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version:  - )
    HunterCoin (HKLM-x32\...\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}) (Version: 1.2.0.0 - HunterCoin)
    iMacros Version 10.4.28.1074 (x64) (HKLM\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 10.4.28.1074 - Ipswitch, Inc)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
    Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
    iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0528 - iRacing.com Motorsport Simulations)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    LINE (HKLM-x32\...\LINE) (Version: 4.0.3.369 - LINE Corporation)
    Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
    Logitech QuickCam Software (HKLM-x32\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
    Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
    Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    MultiTool V2 (HKLM-x32\...\MultiTool V2) (Version: 2.0.0.8 - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
    OE Classic 2.1 (HKLM-x32\...\OEClassic) (Version: 2.1 - OE Classic)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
    OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
    Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
    Paltalk Messenger  11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.)
    Panda Antivirus Pro 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
    Panda Antivirus Pro 2015 (Version: 7.82.00.0000 - Panda Security) Hidden
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Paycoin (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Paycoin) (Version: 0.1.2.26 - Paycoin project)
    PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
    Peerunity (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Peerunity) (Version: 0.1.1.0 - Peerunity project)
    PhoneRescue 1.9.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.9.0 - iMobie Inc.)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    ProfitCoin 1.1 (HKLM-x32\...\ProfitCoin 1.1) (Version: 1.1 - Hashprofit)
    Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
    Quark wallet (HKLM-x32\...\Quark wallet) (Version:  - )
    Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
    Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
    RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
    RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Sandboxie 3.46 (64-bit) (HKLM\...\Sandboxie) (Version:  - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    SmartFTP Client (HKLM\...\{155F9DF4-7F8D-4B49-9B18-D9C882D0E847}) (Version: 6.0.2096.0 - SmartSoft Ltd.)
    Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
    Tenorshare iPad Data Recovery  (HKLM-x32\...\Tenorshare iPad Data Recovery) (Version:  - Tenorshare, Inc.)
    Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft)
    Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
    TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
    TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    USB Scale PC Program Version 1.10 (HKLM-x32\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.)
    Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}) (Version: 1.0.3 - Smith Micro Software, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    VZAccess Manager (HKLM-x32\...\{3A8FE746-19BA-4168-8D01-D45897C7310E}) (Version: 7.3.5.1 - Smith Micro Software Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
    WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl)
    XAMPP (HKLM-x32\...\xampp) (Version: 5.5.19-0 - Bitnami)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    ==================== Restore Points =========================

    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {188BE237-3573-48D5-8C72-0A5151642C19} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
    Task: {207A9441-30AE-47E0-A2F9-D29A8E0F6648} - System32\Tasks\{69747253-5E66-4A83-9329-DA7A058E0BA1} => pcalua.exe -a C:\Users\Dan\Downloads\TCA0027600J_os2010160b_64(1).exe -d C:\Users\Dan\Downloads
    Task: {7AAADE0B-7962-401A-93FD-DB9AF9C56C92} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-18] (Adobe Systems Incorporated)
    Task: {85711BC5-1A78-435B-9364-C04A4C8DB0D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
    Task: {98780D36-4994-4C36-B09E-8907A85C92AB} - System32\Tasks\Opera scheduled Autoupdate 1428159094 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
    Task: {AD873B5F-6952-49C5-9316-B54E138B3731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
    Task: {CFA8336C-029A-48A3-B1E6-2538EB941CE8} - System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} => pcalua.exe -a "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows  v2.0.14\iCloud Bypass Doulci Activator Setup.exe" -d "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows  v2.0.14"
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (Whitelisted) ==============
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-12 13:23 - 2013-04-12 13:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2014-10-10 21:16 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: camfrog_update_service => 2
    MSCONFIG\Services: cfWiMAXService => 2
    MSCONFIG\Services: ConfigFree Service => 2
    MSCONFIG\Services: fbdpinger => 2
    MSCONFIG\Services: iRacingService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: taisregispinger => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: Thpsrv => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
    MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\windows\pss\PdaNet Desktop.lnk.Startup
    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Application Experience => C:\Users\Dan\AppData\Roaming\Microsoft\AeLookupSvi.exe
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dan\AppData\Local\Auto Clicker\AutoClicker.exe :silent
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [TCP Query User{7E097C68-0FD9-4FC9-B2D5-E641DCDCE35C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [UDP Query User{0409F56D-68FE-42CB-91FD-82D11AE229DA}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [TCP Query User{F4FF90B7-6A72-4127-9F4F-0CE161DDFD19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{0D95B1A8-7002-42D9-83DA-1B6F6EB71430}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{4E932DD0-9FA0-48B2-A612-9092051DD111}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{8F4419C7-837D-4ABF-90FC-1B5D7868E1E3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{0155E8D8-568B-4322-9241-4CA641320B31}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{8BBCE6E3-05EE-47A7-9A9B-1DEC058AA7D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{E23A0796-1231-4C28-A288-488866DBCBCE}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{3DBB2C7A-2ED0-4476-845E-5514523B50F2}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{B716E153-A905-4BEB-8777-B6C0E6D96401}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [UDP Query User{6DCBDF40-F763-4364-ACEC-E0160D48CD35}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [TCP Query User{ABE029C0-7BD3-425B-A886-7E8CBCD7B6E8}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [UDP Query User{A1F832CD-6118-4F7B-8AC7-FCA1FF6A827E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [TCP Query User{6190AC66-CF36-4434-895E-FA80A4A1B5A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{E12CE1E4-6018-4D64-8551-2A38C7B71BA5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D67F8877-930A-49AA-8E96-0F5923F3565A}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [UDP Query User{371F154F-D1CD-40A8-AE47-5D200F9B295E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [TCP Query User{B9139CB5-7D9B-4368-897C-266FA08CD8FB}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{AC6162A9-F647-4250-8775-0C3E4C2AFCD6}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{943405E3-0C3F-4EFE-860A-4FDCACD04AD9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{7119C0A7-9483-434B-8F14-8F28FC0D39AC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{A0B70BDB-77C0-4382-B4EA-9C96DBC3BE3E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [UDP Query User{1C4365BE-3505-449D-9F7D-9EAFB4B20AE4}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [{7C1154A3-AA4A-4C90-AB3F-E3060D7DB9C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E5ACC65C-B4CA-4FD8-8A90-62E93113658D}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe
    FirewallRules: [{E2622863-3207-4880-964D-7BD7D33F9FE5}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe
    FirewallRules: [{4EB637AF-7AAD-4A1E-B0C5-73C2ABE7B4E6}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe
    FirewallRules: [TCP Query User{4216ACCD-CBA0-4E17-9533-C2F0EFD04F7C}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{024AE92D-D783-4744-A956-3B228F4562C3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [{CFEA6052-80A5-42C1-859A-2D2B5BE3708E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B8D8B44-BD54-4BCC-82C0-54409558B759}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BE2CC715-F6E1-496A-903E-8C50EAECEA54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AB08FFC9-1DA7-4F94-AE32-C5CC76BDBD0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FC1F660B-688D-4924-8566-BB2974A509AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{849B581F-4293-4BE1-B02B-1E9BF319955E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4285960A-CBE1-4DB3-9095-191E85F1F1AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5069F59E-CB6F-43B8-93A0-F07702870259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CB68F697-494E-4251-8CEB-E36E7A05A6EB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{8DB29B7B-BEBA-4E79-82D9-138EB1870934}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2B0A9CD2-BBE3-43C4-BE2F-74EF522E90CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6C330BB5-0C96-4FF5-951C-8CB6F3CDFDCE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{9C3DCE6D-90B4-49FF-BB29-96DDBB6642D7}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{15D59E53-E5FA-4F04-9135-8837328F22DE}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
    FirewallRules: [{4CD02CE6-0A50-4C38-9ACC-599887ED1E81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5F5B3C9F-5F51-4B57-9920-CF62F2FF0CEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{62AB357C-ACCC-463D-BF92-76AF4032D4DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{2E048F7B-BADC-401D-B42C-4EBCDCDC4F9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{9BBA9312-6158-48FE-BD0F-83621CFAF46A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [{4933C144-A0E9-400E-9525-0626BBE4E321}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{F2ADD05A-8589-4644-9AD1-4FA275E7411D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [UDP Query User{8BE6C761-757C-418E-A153-4BC1103CC44A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{3227BCC3-4339-43C9-933F-021828564E6B}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe
    FirewallRules: [UDP Query User{365FAF24-A8AC-4099-85F2-A337E8D975A0}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe
    FirewallRules: [TCP Query User{8B5066A1-BC8E-442A-B40D-2EDBA50B1C44}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [UDP Query User{39DE6EC8-05F8-4097-B06F-75750CE53C96}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [TCP Query User{FC927C80-A0E0-4F1F-A65F-C5D31AD1E580}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe
    FirewallRules: [UDP Query User{F7CCECFE-A733-4A0F-A5FF-31B086EAB3D0}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe
    FirewallRules: [{13C703F7-2A8D-44AB-AF67-2828CC22A5F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{61301D62-466C-462C-AD4C-65B61B8F3C1E}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe
    FirewallRules: [{6EBA80BF-6D84-4B5C-AA1C-B431D3C0428B}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe
    FirewallRules: [TCP Query User{423D0705-D32A-4308-9D26-01FE0E0FCB1A}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
    FirewallRules: [UDP Query User{1F21AF50-F4CF-4351-A343-A370F60E53E2}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
    FirewallRules: [TCP Query User{B9D7F293-EAED-4519-BBBA-F4C51A693983}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe
    FirewallRules: [UDP Query User{A1E56447-F348-4D92-B67C-6C7A7029C787}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe
    FirewallRules: [TCP Query User{4BD39E76-691E-464D-8F94-5394CED0138E}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [UDP Query User{CC14FE42-BF9E-40E2-B84B-257AE8266B87}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [TCP Query User{4A14BFF1-CB80-42BA-A0E6-33823C906F7F}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe
    FirewallRules: [UDP Query User{E757250F-A42C-4677-BDAD-249C01D1A130}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe
    FirewallRules: [{B1CE1354-FF59-4A46-AA7F-4F593535F352}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{3603665B-8EAE-41CA-9938-D1614B6804FD}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    ==================== Faulty Device Manager Devices =============
    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (07/18/2015 03:36:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
    Faulting module name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
    Exception code: 0xc0000005
    Fault offset: 0x001cb520
    Faulting process id: 0x1218
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3
    Error: (07/17/2015 03:54:44 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
    Description: Product: NVIDIA PhysX -- Installation terminated
    Error: (07/17/2015 03:50:03 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
    Description: Product: NVIDIA PhysX -- Installation terminated
    Error: (07/17/2015 02:33:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: Qt5Core.dll, version: 5.3.2.0, time stamp: 0x777a675f
    Exception code: 0xc0000005
    Fault offset: 0x0011ebe0
    Faulting process id: 0xde4
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3
    Error: (07/16/2015 07:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: c0xTral_v2.0_help.exe, version: 1.0.0.0, time stamp: 0x54e916c1
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7bd0
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x1190
    Faulting application start time: 0xc0xTral_v2.0_help.exe0
    Faulting application path: c0xTral_v2.0_help.exe1
    Faulting module path: c0xTral_v2.0_help.exe2
    Report Id: c0xTral_v2.0_help.exe3
    Error: (07/16/2015 07:16:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: c0xTral_v2.0_help.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Net.WebException
    Stack:
       at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
       at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
       at System.Windows.Forms.Control.Invoke(System.Delegate)
       at c0xTral_v2_0_help.Form1.getInfo(System.Object, System.EventArgs)
       at MobileDevice.iPhone.OnConnect(MobileDevice.ConnectEventArgs)
       at MobileDevice.iPhone.NotifyCallback(MobileDevice.AMDeviceNotificationCallbackInfo ByRef)
    Error: (07/16/2015 05:36:28 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={C84675B1-42C6-4034-AD52-2C0470D4430B}: The user Dan-PC\Dan dialed a connection named PdaNet Modem which has failed. The error code returned on failure is 633.
    Error: (07/16/2015 03:41:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: Qt5Core.dll, version: 5.3.2.0, time stamp: 0x777a675f
    Exception code: 0xc0000005
    Fault offset: 0x00179a60
    Faulting process id: 0x1364
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3
    Error: (07/16/2015 01:25:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Updater.exe, version: 1.0.0.0, time stamp: 0x557f7d83
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7bd0
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x22c4
    Faulting application start time: 0xUpdater.exe0
    Faulting application path: Updater.exe1
    Faulting module path: Updater.exe2
    Report Id: Updater.exe3
    Error: (07/16/2015 01:25:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Updater.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.OutOfMemoryException
    Stack:
       at System.Text.StringBuilder..ctor(System.String, Int32, Int32, Int32)
       at System.Diagnostics.StackTrace.ToString(TraceFormat)
       at System.Environment.GetStackTrace(System.Exception, Boolean)
       at System.Exception.GetStackTrace(Boolean)
       at System.Exception.ToString(Boolean, Boolean)
       at System.Exception.ToString()
       at ‏‎‌‌‪‫‎‪‎‍‫‬‫‬‭‎‮‮.‪‫‍‌‍‮‌‭‎‫‫‌‍‌‪‮()
       at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()

    System errors:
    =============
    Error: (07/19/2015 08:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2
    Error: (07/19/2015 08:13:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5
    Error: (07/19/2015 08:12:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 08:12:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 08:12:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 08:12:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 12:35:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 12:35:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 12:35:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/19/2015 12:34:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Microsoft Office:
    =========================
    CodeIntegrity Errors:
    ===================================
      Date: 2015-03-30 14:23:09.899
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2015-03-30 14:23:09.852
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
    Percentage of memory in use: 37%
    Total physical RAM: 3958.84 MB
    Available physical RAM: 2471.55 MB
    Total Virtual: 7915.88 MB
    Available Virtual: 5553.5 MB
    ==================== Drives ================================
    Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:105.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (Now.You.See.Me.2) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B9FF68F3)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)
    ==================== End of log ============================
  5. ProblemsRBad added a post in a topic [RESOLVED] My Win 7 laptop having issues   

    OK, I did not need RKill. Here is the ComboFix log, thanks:
     
    ComboFix 15-07-18.01 - Dan 07/18/2015  19:44:58.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.2526 [GMT -4:00]
    Running from: c:\users\Dan\Desktop\ComboFix.exe
    AV: Panda Antivirus Pro 2015 *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    SP: Panda Antivirus Pro 2015 *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-06-19 to 2015-07-19  )))))))))))))))))))))))))))))))
    .
    .
    2015-07-18 23:29 . 2015-07-18 23:29    --------    d-----w-    c:\programdata\GeoComply
    2015-07-17 21:41 . 2015-07-17 21:41    --------    d-----w-    c:\program files (x86)\Common Files\Java
    2015-07-17 19:50 . 2015-07-17 19:50    --------    d-----w-    c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
    2015-07-17 18:55 . 2015-07-17 18:59    --------    d-----w-    C:\FRST
    2015-07-17 18:51 . 2015-06-12 07:50    12221144    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D258F72B-324C-415E-96EB-FA895B162515}\mpengine.dll
    2015-07-17 18:51 . 2015-06-02 00:07    254976    ----a-w-    c:\windows\system32\cewmdm.dll
    2015-07-17 18:51 . 2015-06-01 23:47    210432    ----a-w-    c:\windows\SysWow64\cewmdm.dll
    2015-07-17 18:51 . 2015-06-25 08:57    3207168    ----a-w-    c:\windows\system32\win32k.sys
    2015-07-17 18:51 . 2015-06-27 02:47    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
    2015-07-17 18:51 . 2015-06-27 02:43    5923840    ----a-w-    c:\windows\system32\jscript9.dll
    2015-07-17 18:51 . 2015-06-17 17:47    404992    ----a-w-    c:\windows\system32\gdi32.dll
    2015-07-17 18:51 . 2015-06-17 17:37    312320    ----a-w-    c:\windows\SysWow64\gdi32.dll
    2015-07-17 18:51 . 2015-06-27 01:58    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
    2015-07-17 18:51 . 2015-06-27 01:39    4520448    ----a-w-    c:\windows\SysWow64\jscript9.dll
    2015-07-17 18:49 . 2015-06-15 21:45    3242496    ----a-w-    c:\windows\system32\msi.dll
    2015-07-17 18:46 . 2015-07-03 18:05    41984    ----a-w-    c:\windows\system32\lpk.dll
    2015-07-17 18:46 . 2015-07-03 18:05    14336    ----a-w-    c:\windows\system32\dciman32.dll
    2015-07-17 18:46 . 2015-07-03 18:05    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2015-07-17 18:46 . 2015-07-03 17:56    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2015-07-17 18:46 . 2015-07-03 16:52    372224    ----a-w-    c:\windows\system32\atmfd.dll
    2015-07-17 18:46 . 2015-07-03 16:42    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2015-07-17 18:46 . 2015-07-03 18:05    100864    ----a-w-    c:\windows\system32\fontsub.dll
    2015-07-17 18:46 . 2015-07-03 17:56    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
    2015-07-17 18:46 . 2015-07-03 17:56    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
    2015-07-17 18:46 . 2015-07-03 17:55    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
    2015-07-17 17:37 . 2015-07-17 17:40    --------    d-----w-    c:\users\Dan\AppData\Local\CyberGhost
    2015-07-17 17:36 . 2015-07-17 18:08    --------    d-----w-    c:\program files\CyberGhost 5
    2015-07-06 12:25 . 2015-01-29 17:21    61712    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
    2015-07-02 00:51 . 2015-07-02 00:51    --------    d-----w-    c:\users\Dan\AppData\Roaming\Verizon Wireless
    2015-07-02 00:48 . 2015-07-02 00:48    --------    d-----w-    c:\programdata\WEngineLite
    2015-07-02 00:48 . 2015-07-02 00:48    --------    d-----w-    c:\programdata\Verizon Wireless
    2015-07-02 00:46 . 2015-07-02 00:48    --------    d-----w-    c:\program files (x86)\Verizon Wireless
    2015-07-02 00:29 . 2015-07-02 00:29    --------    d-----w-    c:\program files (x86)\Novatel Wireless
    2015-06-28 22:54 . 2015-06-28 22:54    --------    d-----w-    c:\users\Dan\AppData\Local\iMobie_Inc
    2015-06-28 22:47 . 2015-06-28 22:47    --------    d-----w-    c:\users\Dan\AppData\Local\iMobie_PhoneRescue
    2015-06-28 22:47 . 2015-06-28 22:54    --------    d-----w-    c:\users\Dan\AppData\Roaming\iMobie
    2015-06-28 22:46 . 2015-06-28 22:53    --------    d-----w-    c:\program files (x86)\iMobie
    2015-06-28 20:11 . 2015-06-28 20:11    --------    d-----w-    c:\program files (x86)\Tenorshare iPad Data Recovery
    2015-06-23 04:43 . 2015-07-18 15:15    --------    d-----w-    c:\users\Dan\AppData\Local\ManyCam
    2015-06-23 04:39 . 2015-06-23 04:39    --------    d-----w-    c:\users\Dan\AppData\Roaming\ManyCam
    2015-06-23 04:39 . 2015-06-23 04:44    --------    d-----w-    c:\programdata\ManyCam
    2015-06-23 04:39 . 2015-06-23 04:51    --------    d-----w-    c:\program files (x86)\ManyCam
    2015-06-23 02:28 . 2015-06-23 03:55    --------    d-----w-    c:\program files (x86)\MultiTool V2
    2015-06-23 01:57 . 2015-06-23 01:57    --------    d-----w-    C:\RegBackup
    2015-06-22 19:14 . 2015-07-18 19:32    --------    d-----w-    C:\AdwCleaner
    2015-06-21 17:58 . 2015-06-21 17:58    --------    d-----w-    c:\program files (x86)\Search by Image by
    2015-06-21 02:42 . 2015-06-21 02:42    --------    d-----w-    c:\program files (x86)\Sophos
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-07-18 22:20 . 2014-12-01 13:09    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-07-18 18:33 . 2015-03-31 00:51    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2015-07-18 18:33 . 2015-03-31 00:51    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-07-17 21:40 . 2015-05-25 00:37    97888    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-07-17 19:16 . 2015-02-03 05:40    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
    2015-07-03 12:43 . 2014-10-10 23:48    130333168    ----a-w-    c:\windows\system32\MRT.exe
    2015-06-23 17:30 . 2014-10-10 22:55    300704    ------w-    c:\windows\system32\MpSigStub.exe
    2015-06-18 12:41 . 2014-12-01 13:09    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2015-06-18 12:41 . 2014-12-01 13:09    109272    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-18 12:41 . 2014-12-01 13:09    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2015-06-17 05:01 . 2015-06-17 05:01    1202856    ----a-w-    c:\windows\SysWow64\FM20.DLL
    2015-05-09 03:27 . 2015-06-10 06:08    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2015-05-09 03:27 . 2015-06-10 06:08    243712    ----a-w-    c:\windows\system32\wow64.dll
    2015-05-09 03:27 . 2015-06-10 06:08    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2015-05-09 03:27 . 2015-06-10 06:08    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
    2015-05-09 03:26 . 2015-06-10 06:08    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2015-05-09 03:26 . 2015-06-10 06:08    424960    ----a-w-    c:\windows\system32\KernelBase.dll
    2015-05-09 03:26 . 2015-06-10 06:08    1162752    ----a-w-    c:\windows\system32\kernel32.dll
    2015-05-09 03:25 . 2015-06-10 06:08    338432    ----a-w-    c:\windows\system32\conhost.exe
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-09 03:20 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-09 03:13 . 2015-06-10 06:08    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2015-05-09 03:13 . 2015-06-10 06:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2015-05-09 03:13 . 2015-06-10 06:08    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2015-05-09 03:12 . 2015-06-10 06:08    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2015-05-09 03:12 . 2015-06-10 06:08    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
    2015-05-09 03:08 . 2015-06-10 06:08    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-09 03:08 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2015-05-09 02:01 . 2015-06-10 06:08    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2015-05-09 02:01 . 2015-06-10 06:08    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2015-05-09 01:59 . 2015-06-10 06:08    6144    ---ha-w-    c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2015-05-09 01:59 . 2015-06-10 06:08    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-09 01:59 . 2015-06-10 06:08    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-09 01:59 . 2015-06-10 06:08    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2015-05-04 00:38 . 2015-05-04 00:38    137421    ----a-w-    c:\windows\Dragon's Tale Uninstaller.exe
    2015-05-03 21:34 . 2015-05-03 21:34    6334478    ----a-r-    c:\users\Dan\AppData\Roaming\Microsoft\Installer\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}\HunterCoinD.exe
    2015-05-03 21:34 . 2015-05-03 21:34    10374656    ----a-r-    c:\users\Dan\AppData\Roaming\Microsoft\Installer\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}\HunterCoinQTD.exe
    2015-05-03 21:34 . 2015-05-03 21:34    10374656    ----a-r-    c:\users\Dan\AppData\Roaming\Microsoft\Installer\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}\HunterCoinQT.exe
    2015-05-01 13:17 . 2015-05-13 05:29    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-01 13:16 . 2015-05-13 05:29    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-04-29 18:22 . 2015-06-10 06:08    14635008    ----a-w-    c:\windows\system32\wmp.dll
    2015-04-29 18:21 . 2015-06-10 06:08    5120    ----a-w-    c:\windows\system32\msdxm.ocx
    2015-04-29 18:21 . 2015-06-10 06:08    5120    ----a-w-    c:\windows\system32\dxmasf.dll
    2015-04-29 18:21 . 2015-06-10 06:08    9728    ----a-w-    c:\windows\system32\spwmp.dll
    2015-04-29 18:19 . 2015-06-10 06:08    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
    2015-04-29 18:07 . 2015-06-10 06:08    4096    ----a-w-    c:\windows\SysWow64\msdxm.ocx
    2015-04-29 18:07 . 2015-06-10 06:08    4096    ----a-w-    c:\windows\SysWow64\dxmasf.dll
    2015-04-29 18:07 . 2015-06-10 06:08    8192    ----a-w-    c:\windows\SysWow64\spwmp.dll
    2015-04-29 18:05 . 2015-06-10 06:08    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
    2015-04-24 18:17 . 2015-06-10 06:08    633856    ----a-w-    c:\windows\system32\comctl32.dll
    2015-04-24 17:56 . 2015-06-10 06:08    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
    2015-04-20 03:17 . 2015-05-13 04:04    1647104    ----a-w-    c:\windows\system32\DWrite.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-04-09 110160]
    "LogitechSoftwareUpdate"="c:\program files (x86)\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
    "Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
    "LogitechVideoRepair"="c:\program files (x86)\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "MaxGPOScriptWait"= 600 (0x258)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys;c:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys [x]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 fbdpinger;fbdpinger;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [x]
    R4 iRacingService;iRacing helper service;c:\program files (x86)\iRacing\iRacingService.exe;c:\program files (x86)\iRacing\iRacingService.exe [x]
    R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x]
    R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
    S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
    S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
    S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
    S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
    S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
    S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
    S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
    S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
    S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
    S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
    S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
    S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
    S2 camfrog_update_service;Camfrog Update Service;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [x]
    S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
    S2 GoogleSitemapGenerator;Google Sitemap Generator;c:\program files (x86)\Google\Google Sitemap Generator\SitemapService.exe;c:\program files (x86)\Google\Google Sitemap Generator\SitemapService.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
    S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
    S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
    S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
    S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
    S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
    S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs    REG_MULTI_SZ       w3svc was
    apphost    REG_MULTI_SZ       apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-06-10 04:02    986440    ----a-w-    c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-31 18:33]
    .
    2015-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job
    - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-15 03:22]
    .
    2015-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job
    - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-15 03:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-18 16414824]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\
    FF - prefs.js: browser.startup.homepage - google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-MultiBit 0.5.18 - c:\program files (x86)\Java\jre1.8.0_25\bin\javaw.exe
    AddRemove-ProfitCoin 1.1 - f:\e-currencys\Profitcoin\ProfitCoin\Uninstall.exe
    AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-07-18  20:14:22
    ComboFix-quarantined-files.txt  2015-07-19 00:14
    .
    Pre-Run: 96,125,247,488 bytes free
    Post-Run: 96,020,996,096 bytes free
    .
    - - End Of File - - 25CFBEB61146884CD53DC01977071775
     
  6. ProblemsRBad added a post in a topic [RESOLVED] My Win 7 laptop having issues   

    Funny, meaning I was having issues with my network connection. After these scans it's better.
    RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Dan [Administrator]
    Started from : C:\Users\Dan\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 07/17/2015 15:23:44
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 5 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED3FCD13-558F-4CF5-B88E-39B9B954072B} | DhcpNameServer : 10.3.0.1 ([(Private Address) (XX)])  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ED3FCD13-558F-4CF5-B88E-39B9B954072B} | DhcpNameServer : 10.3.0.1 ([(Private Address) (XX)])  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ED3FCD13-558F-4CF5-B88E-39B9B954072B} | DhcpNameServer : 10.8.0.1 ([(Private Address) (XX)])  -> Found
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
    --- User ---
    [MBR] 5907ba1df80cd8c9d3e7aebeb8273567
    [BSP] 33e8435467f816891a07df950e551886 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: WD Elements 1023 USB Device +++++
    --- User ---
    [MBR] e7ccb5480f0a82dc27a18e1e948dea29
    [BSP] 3a7415fee4fd405422c5909fe014b87a : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610477 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 7/16/2015
    Scan Time: 5:48 PM
    Logfile: logformbam.txt
    Administrator: Yes
    Version: 2.1.8.1057
    Malware Database: v2015.07.16.05
    Rootkit Database: v2015.07.16.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Dan
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 424108
    Time Elapsed: 27 min, 59 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
     
    # AdwCleaner v4.208 - Logfile created 18/07/2015 at 15:32:39
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-15.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Dan - DAN-PC
    # Running from : C:\Users\Dan\Desktop\adwcleaner_4.208.exe
    # Option : Cleaning
    ***** [ Services ] *****
    [#] Service Deleted : mcaudrv_simple
    [#] Service Deleted : ManyCam
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\{dd14653d-9322-5ba1-dd14-4653d93294f6}
    File Deleted : C:\windows\System32\drivers\mcaudrv_x64.sys
    File Deleted : C:\windows\System32\drivers\mcvidrv.sys
    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    ***** [ Web browsers ] *****
    -\\ Internet Explorer v11.0.9600.17909

    -\\ Mozilla Firefox v38.0.5 (x86 en-US)

    -\\ Google Chrome v43.0.2357.124
    [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    -\\ Opera v30.0.1835.88

    *************************
    AdwCleaner[R0].txt - [2557 bytes] - [22/06/2015 15:14:35]
    AdwCleaner[R1].txt - [1465 bytes] - [18/07/2015 15:28:31]
    AdwCleaner[S0].txt - [2578 bytes] - [22/06/2015 15:16:39]
    AdwCleaner[S1].txt - [1412 bytes] - [18/07/2015 15:32:39]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1471  bytes] ##########

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.3.3 (07.06.2015:2)
    OS: Windows 7 Home Premium x64
    Ran by Dan on Sat 07/18/2015 at 16:19:23.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    ~~~ Services
     
    ~~~ Tasks
     
    ~~~ Registry Values
     
    ~~~ Registry Keys
     
    ~~~ Files
     
    ~~~ Folders
    Successfully deleted: [Folder] C:\Users\Dan\appdata\local\crashrpt
     
    ~~~ Chrome

    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 07/18/2015 at 16:26:17.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
  7. ProblemsRBad added a topic in Virus, Spyware and Malware Removal   

    [RESOLVED] My Win 7 laptop having issues
    Hello Broni, my laptop has been acting funny, not sure why. Please help, here are the FRST logs:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
    Ran by Dan (administrator) on DAN-PC on 17-07-2015 14:57:12
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Video\LogiTray.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Video\FxSvr2.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
    HKLM-x32\...\Run: [LogitechVideoRepair] => C:\Program Files (x86)\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
    HKLM-x32\...\Run: [LogitechVideoTray] => C:\Program Files (x86)\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
    HKLM\...\Winlogon: [Userinit] C:\windows\SysWOW64\userinit.exe,
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-04-09] (Siber Systems)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [LogitechSoftwareUpdate] => C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [Google Update] => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-14] (Google Inc.)
    ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2014-11-20] (SmartSoft Ltd.)
    GroupPolicyScripts-x32: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {88B1022D-34D8-49BE-8A5B-535422D035A1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> {B1D1EC45-E08F-4184-8807-C75BE7B98131} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {1B67FD76-466C-4AB1-96F2-EDEEACB2E436} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2015-03-26] ()
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2015-03-26] ()
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-09] (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-24] (Oracle Corporation)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-24] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-09] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E9A8016C-DB52-4631-8397-50AFC0C28F43}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{ED3FCD13-558F-4CF5-B88E-39B9B954072B}: [DhcpNameServer] 10.3.0.1
    Tcpip\..\Interfaces\{F4FE6A86-0552-4606-866B-4D5D78C5FEE8}: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790
    FF Homepage: google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-04-09] (Siber Systems Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Extension: iMacros for Firefox - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-29]
    FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-04-09]
    FF HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-04]
    CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
    CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-04]
    CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-04]
    CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-04]
    CHR Extension: (Google Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-04]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-06-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-04]
    CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2015-06-04]
    CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-04]
    CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
    Opera:
    =======
    OPR Extension: (2048 AI - bitcoin) - C:\Users\Dan\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-04-04]
    OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2015-04-09]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1032680 2014-10-03] (Camshare Inc.)
    S4 fbdpinger; c:\Program Files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [322416 2009-09-15] (Toshiba America Information Systems)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
    R2 GoogleSitemapGenerator; C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe [704512 2009-12-31] (Google Inc.) [File not signed]
    S4 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [804640 2015-03-13] (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730)
    R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-07-04] (tzuk)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S4 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [297344 2009-08-13] ()
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
    R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-15] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [139880 2010-07-04] (tzuk)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-20] ()
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-17 14:57 - 2015-07-17 14:58 - 00022707 _____ C:\Users\Dan\Desktop\FRST.txt
    2015-07-17 14:55 - 2015-07-17 14:57 - 00000000 ____D C:\FRST
    2015-07-17 14:47 - 2015-07-17 14:47 - 02133504 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
    2015-07-17 13:37 - 2015-07-17 13:40 - 00000000 ____D C:\Users\Dan\AppData\Local\CyberGhost
    2015-07-17 13:36 - 2015-07-17 14:08 - 00000000 ____D C:\Program Files\CyberGhost 5
    2015-07-17 09:44 - 2015-07-17 09:44 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashRpt
    2015-07-06 10:43 - 2015-07-06 06:35 - 02953457 _____ (Malwarebytes Corporation) C:\Users\Dan\Desktop\JRT.exe
    2015-07-06 08:25 - 2015-01-29 13:21 - 00061712 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
    2015-07-02 11:06 - 2015-07-02 11:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.1.8.1057.exe
    2015-07-01 20:51 - 2015-07-01 20:51 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Verizon Wireless
    2015-07-01 20:48 - 2015-07-01 20:48 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZAccess Manager.lnk
    2015-07-01 20:48 - 2015-07-01 20:48 - 00001259 _____ C:\Users\Public\Desktop\VZAccess Manager.lnk
    2015-07-01 20:48 - 2015-07-01 20:48 - 00000000 ____D C:\ProgramData\WEngineLite
    2015-07-01 20:48 - 2015-07-01 20:48 - 00000000 ____D C:\ProgramData\Verizon Wireless
    2015-07-01 20:46 - 2015-07-01 20:48 - 00000000 ____D C:\Program Files (x86)\Verizon Wireless
    2015-07-01 20:46 - 2015-07-01 20:46 - 00002635 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Wireless MiFi-2200 Firmware Updates.lnk
    2015-07-01 20:29 - 2015-07-01 20:29 - 00000000 ____D C:\Program Files (x86)\Novatel Wireless
    2015-06-30 11:02 - 2015-06-30 11:02 - 00262144 _____ C:\windows\Minidump\063015-24694-01.dmp
    2015-06-29 08:22 - 2015-06-29 08:22 - 00697408 _____ C:\Users\Dan\Downloads\odysseusOTA-v1.0.1.zip
    2015-06-29 08:22 - 2015-06-29 08:22 - 00000000 ____D C:\Users\Dan\Downloads\odysseusOTA-v1.0.1
    2015-06-28 18:54 - 2015-06-28 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\iMobie_Inc
    2015-06-28 18:53 - 2015-06-28 18:53 - 00001185 _____ C:\Users\Public\Desktop\AnyTrans.lnk
    2015-06-28 18:52 - 2015-06-28 18:52 - 15016920 _____ (iMobie Inc. ) C:\Users\Dan\Downloads\anytrans-setup.exe
    2015-06-28 18:47 - 2015-06-28 18:54 - 00000000 ____D C:\Users\Dan\AppData\Roaming\iMobie
    2015-06-28 18:47 - 2015-06-28 18:47 - 00000000 ____D C:\Users\Dan\AppData\Local\iMobie_PhoneRescue
    2015-06-28 18:46 - 2015-06-28 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
    2015-06-28 18:46 - 2015-06-28 18:53 - 00000000 ____D C:\Program Files (x86)\iMobie
    2015-06-28 18:46 - 2015-06-28 18:46 - 00001227 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
    2015-06-28 18:45 - 2015-06-28 18:45 - 04017112 _____ (iMobie Inc. ) C:\Users\Dan\Downloads\phonerescue-64-setup.exe
    2015-06-28 18:37 - 2015-06-28 18:38 - 00000000 ____D C:\Users\Dan\Downloads\R4z3r's Activator v1.0.1
    2015-06-28 18:36 - 2015-06-28 18:37 - 47022199 _____ C:\Users\Dan\Downloads\R4z3r's Activator v1.0.1.zip
    2015-06-28 16:11 - 2015-06-28 16:11 - 00001179 _____ C:\Users\Dan\Desktop\Tenorshare iPad Data Recovery.lnk
    2015-06-28 16:11 - 2015-06-28 16:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare iPad Data Recovery
    2015-06-28 16:11 - 2015-06-28 16:11 - 00000000 ____D C:\Program Files (x86)\Tenorshare iPad Data Recovery
    2015-06-28 16:09 - 2015-06-28 16:09 - 13805304 _____ C:\Users\Dan\Downloads\TenorshareiPadDataRecoverytrial147.exe
    2015-06-28 10:58 - 2015-06-28 21:20 - 00000000 ____D C:\Users\Dan\Desktop\new ibypass
    2015-06-28 10:38 - 2015-06-28 10:38 - 00604625 _____ C:\Users\Dan\Downloads\SurveyBypassTools.zip
    2015-06-28 10:38 - 2015-06-28 10:38 - 00000000 ____D C:\Users\Dan\Downloads\SurveyBypassTools
    2015-06-26 13:23 - 2015-06-26 13:23 - 00000000 ____D C:\Users\Dan\Downloads\iCL0udin_icloud_bypass_v1.0(2)
    2015-06-26 13:18 - 2015-06-26 13:19 - 00446555 _____ C:\Users\Dan\Downloads\iCL0udin_icloud_bypass_v1.0(2).zip
    2015-06-23 18:15 - 2015-06-23 18:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.1.6.1022.exe
    2015-06-23 18:15 - 2015-06-23 18:15 - 03020968 _____ (Malwarebytes ) C:\Users\Dan\Downloads\mbae-setup-1.06.1.1019.exe
    2015-06-23 18:07 - 2015-06-23 18:07 - 00000151 _____ C:\Users\Dan\Desktop\malwarebytes keys.txt
    2015-06-23 03:23 - 2015-07-03 21:26 - 00001202 _____ C:\Users\Dan\Desktop\MultiTool V2.lnk
    2015-06-23 00:43 - 2015-07-17 11:54 - 00000000 ____D C:\Users\Dan\AppData\Local\ManyCam
    2015-06-23 00:39 - 2015-06-23 00:51 - 00000000 ____D C:\Program Files (x86)\ManyCam
    2015-06-23 00:39 - 2015-06-23 00:44 - 00000000 ____D C:\ProgramData\ManyCam
    2015-06-23 00:39 - 2015-06-23 00:39 - 00000992 _____ C:\Users\Public\Desktop\ManyCam.lnk
    2015-06-23 00:39 - 2015-06-23 00:39 - 00000000 ____D C:\Users\Dan\AppData\Roaming\ManyCam
    2015-06-23 00:39 - 2015-06-23 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
    2015-06-22 22:28 - 2015-06-22 23:55 - 00000000 ____D C:\Program Files (x86)\MultiTool V2
    2015-06-22 22:27 - 2015-06-22 22:27 - 00280064 _____ C:\Users\Dan\Desktop\Updater.exe
    2015-06-22 21:57 - 2015-06-22 21:57 - 00000000 ____D C:\RegBackup
    2015-06-22 15:41 - 2015-06-21 19:39 - 02950454 _____ (Thisisu) C:\Users\Dan\Desktop\JRT_NEW.exe
    2015-06-22 15:14 - 2015-06-22 15:16 - 00000000 ____D C:\AdwCleaner
    2015-06-21 14:17 - 2015-06-21 14:17 - 00000000 ____D C:\Users\Dan\Downloads\MBAE Patch + RegKeys+ Setup
    2015-06-21 14:03 - 2015-06-21 14:03 - 01582824 _____ C:\Users\Dan\Desktop\PANDAAP15.exe
    2015-06-21 13:58 - 2015-06-21 13:58 - 00000000 ____D C:\Program Files (x86)\Search by Image by
    2015-06-21 13:56 - 2015-06-26 13:19 - 00000000 ____D C:\ProgramData\{dd14653d-9322-5ba1-dd14-4653d93294f6}
    2015-06-20 22:53 - 2015-06-20 22:53 - 00295960 _____ (Visicom Media inc.) C:\Users\Dan\Downloads\ManyCamWebInstaller(1).exe
    2015-06-20 22:42 - 2015-06-20 22:42 - 00002777 _____ C:\Users\Dan\Desktop\Sophos Virus Removal Tool.lnk
    2015-06-20 22:42 - 2015-06-20 22:42 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2015-06-20 22:42 - 2015-06-20 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2015-06-20 22:42 - 2015-06-20 22:42 - 00000000 ____D C:\Program Files (x86)\Sophos
    2015-06-20 21:48 - 2015-06-20 21:48 - 124217352 _____ (Sophos Limited) C:\Users\Dan\Desktop\Sophos Virus Removal Tool.exe
    2015-06-20 11:39 - 2015-06-20 11:39 - 00000000 ____D C:\Users\Dan\Desktop\text docs
    2015-06-18 23:34 - 2015-06-18 23:43 - 87824756 _____ C:\Users\Dan\Downloads\packer_0.7.5_windows_amd64.zip
    2015-06-18 18:49 - 2015-06-18 18:49 - 00000069 _____ C:\Users\Dan\Desktop\52.25.60.178.rdp
    2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Users\Dan\Downloads\MultiTool V2.0.0.0
    2015-06-18 17:39 - 2015-06-18 17:39 - 00001696 _____ C:\Users\Dan\Downloads\CFVM.pem
    2015-06-18 17:28 - 2015-06-18 17:33 - 43584726 _____ C:\Users\Dan\Downloads\MultiTool V2.0.0.0.rar
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2015-07-17 14:52 - 2014-10-10 20:57 - 01875704 _____ C:\windows\WindowsUpdate.log
    2015-07-17 14:48 - 2015-04-04 10:51 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-07-17 14:43 - 2015-05-14 23:22 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job
    2015-07-17 14:43 - 2015-05-14 23:22 - 00000848 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job
    2015-07-17 14:38 - 2015-05-14 23:22 - 00003870 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA
    2015-07-17 14:38 - 2015-05-14 23:22 - 00003474 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core
    2015-07-17 14:36 - 2014-10-25 23:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\DAoC Portal
    2015-07-17 14:34 - 2015-02-28 14:32 - 00000000 ____D C:\Program Files (x86)\betternet
    2015-07-17 14:33 - 2015-03-30 20:51 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-07-17 14:33 - 2014-11-13 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
    2015-07-17 14:27 - 2014-12-01 09:09 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-17 14:27 - 2014-10-10 17:53 - 00000000 ____D C:\Users\Dan
    2015-07-17 14:22 - 2009-07-14 01:13 - 00824886 _____ C:\windows\system32\PerfStringBackup.INI
    2015-07-17 14:21 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-17 14:21 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-17 14:18 - 2014-12-02 01:21 - 00066479 _____ C:\windows\setupact.log
    2015-07-17 14:14 - 2009-07-13 23:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-07-17 14:12 - 2015-05-30 17:24 - 00000433 _____ C:\windows\system32\Drivers\etc\hosts.ics
    2015-07-17 14:10 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-07-17 14:09 - 2015-02-24 21:13 - 00000000 ____D C:\Users\DefaultAppPool
    2015-07-17 14:09 - 2014-10-10 22:01 - 00000000 ____D C:\windows\system32\Macromed
    2015-07-17 14:09 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
    2015-07-17 14:09 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
    2015-07-17 14:08 - 2014-10-25 23:35 - 00000000 ____D C:\Program Files (x86)\DAoC Portal
    2015-07-17 14:08 - 2014-10-12 19:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Azureus
    2015-07-17 14:08 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
    2015-07-17 14:08 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2015-07-17 14:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
    2015-07-17 14:05 - 2014-11-05 01:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
    2015-07-17 14:04 - 2014-10-12 19:33 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Bitcoin
    2015-07-17 11:32 - 2015-04-22 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2015-07-17 09:46 - 2014-10-14 23:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Camfrog
    2015-07-17 09:44 - 2014-10-14 23:11 - 00000000 ____D C:\ProgramData\Camfrog Update
    2015-07-06 15:05 - 2014-11-28 08:42 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
    2015-07-06 15:05 - 2014-11-28 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
    2015-07-05 23:00 - 2014-12-03 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-07-05 22:59 - 2014-11-05 01:36 - 00000000 ____D C:\ProgramData\Skype
    2015-07-03 21:39 - 2009-12-12 02:43 - 00288882 _____ C:\windows\PFRO.log
    2015-07-01 20:28 - 2015-05-15 14:33 - 00000000 ____D C:\Users\Dan\AppData\Local\Downloaded Installations
    2015-06-30 11:02 - 2014-12-03 15:54 - 463113392 _____ C:\windows\MEMORY.DMP
    2015-06-30 11:02 - 2014-10-18 01:52 - 00000000 ____D C:\windows\Minidump
    2015-06-28 22:11 - 2015-03-30 20:51 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-06-28 22:11 - 2015-03-30 20:51 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-28 22:11 - 2015-03-30 20:51 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-28 22:11 - 2014-10-10 22:00 - 00000000 ____D C:\Users\Dan\AppData\Local\Adobe
    2015-06-28 21:30 - 2015-02-11 01:31 - 00000000 ____D C:\Users\Dan\AppData\Local\pangu
    2015-06-28 18:08 - 2009-07-13 22:34 - 00000088 _____ C:\windows\system32\Drivers\etc\hosts.bkup
    2015-06-28 08:29 - 2014-11-04 15:24 - 00003490 _____ C:\windows\Sandboxie.ini
    2015-06-27 20:00 - 2014-11-22 10:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Dogecoin
    2015-06-25 14:48 - 2015-04-04 10:51 - 00003826 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1428159094
    2015-06-24 14:45 - 2014-12-01 09:09 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-24 14:45 - 2014-12-01 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-24 14:45 - 2014-12-01 09:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-23 18:03 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-06-23 13:30 - 2014-10-10 18:55 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2015-06-22 21:53 - 2014-10-10 18:28 - 00000000 ____D C:\Program Installers
    2015-06-21 22:20 - 2015-02-04 22:30 - 00001890 _____ C:\DelFix.txt
    2015-06-21 11:12 - 2014-10-10 23:41 - 00000000 ____D C:\Users\Dan\Documents\Electronic Arts
    2015-06-21 11:10 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-06-21 10:32 - 2014-10-10 17:55 - 00000000 ____D C:\Users\Dan\AppData\Local\VirtualStore
    2015-06-20 23:04 - 2015-03-10 00:40 - 00000000 ____D C:\Users\Dan\Downloads\DoulCi activator
    2015-06-20 22:47 - 2015-02-04 21:16 - 00000000 ____D C:\ProgramData\Sophos
    2015-06-20 14:29 - 2009-07-13 22:34 - 00000215 _____ C:\windows\system.ini
    2015-06-20 12:34 - 2015-02-03 01:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-20 12:25 - 2015-02-03 01:40 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
    2015-06-20 12:01 - 2009-07-13 23:20 - 00000000 ____D C:\windows\L2Schemas
    2015-06-20 11:21 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
    2015-06-20 09:48 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-06-19 10:49 - 2009-07-14 01:08 - 00032630 _____ C:\windows\Tasks\SCHEDLGU.TXT
    2015-06-18 08:41 - 2014-12-01 09:09 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-06-18 08:41 - 2014-12-01 09:09 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-06-18 08:41 - 2014-12-01 09:09 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-06-17 20:26 - 2014-11-23 16:03 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Primecoin
    2015-06-17 20:25 - 2014-11-23 16:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Litecoin
    2015-06-17 20:09 - 2014-11-23 16:04 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Quarkcoin
    2015-06-17 19:49 - 2015-02-09 15:24 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Paycoin
    2015-06-17 18:27 - 2014-11-23 16:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PPCoin
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-07-15 22:16
    ==================== End of log ============================
     
    -------------------------------------------------------------------------------------------------------------------------------------------------------------
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
    Ran by Dan at 2015-07-17 14:58:45
    Running from C:\Users\Dan\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-3476291681-2796092440-1313146854-500 - Administrator - Disabled)
    Dan (S-1-5-21-3476291681-2796092440-1313146854-1000 - Administrator - Enabled) => C:\Users\Dan
    Guest (S-1-5-21-3476291681-2796092440-1313146854-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3476291681-2796092440-1313146854-1004 - Limited - Enabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Panda Antivirus Pro 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AS: Panda Antivirus Pro 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.6.1730 - Open Media LLC)
    Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    AnalogX Proxy (HKLM-x32\...\AnalogX Proxy_is1) (Version: 4.15 - AnalogX, LLC)
    AnyTrans 4.5.0 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.5.0 - iMobie Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
    Betternet (HKLM-x32\...\Betternet) (Version:  - )
    Bitcoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Bitcoin Core (64-bit)) (Version: 0.10.2 - Bitcoin Core project)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.480 - Camshare, Inc.)
    Coinbot (HKLM-x32\...\Coinbot_is1) (Version:  - )
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Dogecoin Core (32-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Dogecoin Core (32-bit)) (Version: 1.8.0 - Dogecoin project)
    Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
    Dragon's Tale (HKLM-x32\...\Dragon's Tale) (Version: 1.00 - eGenesis)
    DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    Eyeball Chat (HKLM-x32\...\{FDE9FAF8-E1EA-4EBC-A10C-A730F45C7258}) (Version: 58.26.1 - Eyeball Networks)
    Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.0.0 - Telerik)
    Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
    Foundstone Hash Calculator (Fiddler Extension) (HKLM-x32\...\{D206D869-2C99-4E36-8B87-7BDEC994999D}) (Version: 1.0.0 - Foundstone Inc., A Division Of McAfee)
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
    Free FLV to MP4 Converter version 1.0 (HKLM-x32\...\{74054B18-A989-49D4-A34A-5DC405F99983}_is1) (Version: 1.0 - )
    GadgetWide Cloud Control Service (HKLM-x32\...\{6147344A-2A3D-4CE0-9F09-E99CE1C45573}) (Version: 1.2.0.6 - GadgetWide)
    Genesis version Genesis Launcher 1.009 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.009 - Pawel D. alias Laplume for Genesis.)
    Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Grand Theft Auto V v.1.0.333.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version:  - )
    HunterCoin (HKLM-x32\...\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}) (Version: 1.2.0.0 - HunterCoin)
    iMacros Version 10.4.28.1074 (x64) (HKLM\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 10.4.28.1074 - Ipswitch, Inc)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
    Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
    iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0528 - iRacing.com Motorsport Simulations)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    LINE (HKLM-x32\...\LINE) (Version: 4.0.3.369 - LINE Corporation)
    Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
    Logitech QuickCam Software (HKLM-x32\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
    Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
    Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    MultiTool V2 (HKLM-x32\...\MultiTool V2) (Version: 2.0.0.6 - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
    OE Classic 2.1 (HKLM-x32\...\OEClassic) (Version: 2.1 - OE Classic)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
    OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
    Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
    Paltalk Messenger  11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.)
    Panda Antivirus Pro 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
    Panda Antivirus Pro 2015 (Version: 7.82.00.0000 - Panda Security) Hidden
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Paycoin (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Paycoin) (Version: 0.1.2.26 - Paycoin project)
    PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
    Peerunity (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Peerunity) (Version: 0.1.1.0 - Peerunity project)
    PhoneRescue 1.9.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.9.0 - iMobie Inc.)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    ProfitCoin 1.1 (HKLM-x32\...\ProfitCoin 1.1) (Version: 1.1 - Hashprofit)
    Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
    Quark wallet (HKLM-x32\...\Quark wallet) (Version:  - )
    Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
    Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
    RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
    RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Sandboxie 3.46 (64-bit) (HKLM\...\Sandboxie) (Version:  - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    SmartFTP Client (HKLM\...\{155F9DF4-7F8D-4B49-9B18-D9C882D0E847}) (Version: 6.0.2096.0 - SmartSoft Ltd.)
    Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
    Tenorshare iPad Data Recovery  (HKLM-x32\...\Tenorshare iPad Data Recovery) (Version:  - Tenorshare, Inc.)
    Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft)
    Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
    TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
    TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    USB Scale PC Program Version 1.10 (HKLM-x32\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.)
    Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}) (Version: 1.0.3 - Smith Micro Software, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    VZAccess Manager (HKLM-x32\...\{3A8FE746-19BA-4168-8D01-D45897C7310E}) (Version: 7.3.5.1 - Smith Micro Software Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
    WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl)
    XAMPP (HKLM-x32\...\xampp) (Version: 5.5.19-0 - Bitnami)
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    ==================== Restore Points =========================
    07-07-2015 08:48:01 Windows Update
    13-07-2015 09:35:22 Windows Update
    15-07-2015 22:47:13 Windows Update
    16-07-2015 18:49:38 Removed DAoC Portal
    16-07-2015 19:15:03 Installed DAoC Portal
    17-07-2015 13:58:13 Restore Operation
    17-07-2015 14:50:01 Windows Update
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {188BE237-3573-48D5-8C72-0A5151642C19} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
    Task: {7AAADE0B-7962-401A-93FD-DB9AF9C56C92} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-28] (Adobe Systems Incorporated)
    Task: {85711BC5-1A78-435B-9364-C04A4C8DB0D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
    Task: {98780D36-4994-4C36-B09E-8907A85C92AB} - System32\Tasks\Opera scheduled Autoupdate 1428159094 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
    Task: {AD873B5F-6952-49C5-9316-B54E138B3731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
    Task: {CFA8336C-029A-48A3-B1E6-2538EB941CE8} - System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} => pcalua.exe -a "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows  v2.0.14\iCloud Bypass Doulci Activator Setup.exe" -d "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows  v2.0.14"
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (Whitelisted) ==============
    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-12 13:23 - 2013-04-12 13:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2014-10-10 21:16 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: camfrog_update_service => 2
    MSCONFIG\Services: cfWiMAXService => 2
    MSCONFIG\Services: ConfigFree Service => 2
    MSCONFIG\Services: fbdpinger => 2
    MSCONFIG\Services: iRacingService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: taisregispinger => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: Thpsrv => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
    MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\windows\pss\PdaNet Desktop.lnk.Startup
    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Application Experience => C:\Users\Dan\AppData\Roaming\Microsoft\AeLookupSvi.exe
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dan\AppData\Local\Auto Clicker\AutoClicker.exe :silent
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [TCP Query User{7E097C68-0FD9-4FC9-B2D5-E641DCDCE35C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [UDP Query User{0409F56D-68FE-42CB-91FD-82D11AE229DA}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [TCP Query User{F4FF90B7-6A72-4127-9F4F-0CE161DDFD19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{0D95B1A8-7002-42D9-83DA-1B6F6EB71430}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{4E932DD0-9FA0-48B2-A612-9092051DD111}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{8F4419C7-837D-4ABF-90FC-1B5D7868E1E3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{0155E8D8-568B-4322-9241-4CA641320B31}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{8BBCE6E3-05EE-47A7-9A9B-1DEC058AA7D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{E23A0796-1231-4C28-A288-488866DBCBCE}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{3DBB2C7A-2ED0-4476-845E-5514523B50F2}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{B716E153-A905-4BEB-8777-B6C0E6D96401}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [UDP Query User{6DCBDF40-F763-4364-ACEC-E0160D48CD35}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [TCP Query User{ABE029C0-7BD3-425B-A886-7E8CBCD7B6E8}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [UDP Query User{A1F832CD-6118-4F7B-8AC7-FCA1FF6A827E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [TCP Query User{6190AC66-CF36-4434-895E-FA80A4A1B5A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{E12CE1E4-6018-4D64-8551-2A38C7B71BA5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D67F8877-930A-49AA-8E96-0F5923F3565A}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [UDP Query User{371F154F-D1CD-40A8-AE47-5D200F9B295E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [TCP Query User{B9139CB5-7D9B-4368-897C-266FA08CD8FB}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{AC6162A9-F647-4250-8775-0C3E4C2AFCD6}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{943405E3-0C3F-4EFE-860A-4FDCACD04AD9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [UDP Query User{7119C0A7-9483-434B-8F14-8F28FC0D39AC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{A0B70BDB-77C0-4382-B4EA-9C96DBC3BE3E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [UDP Query User{1C4365BE-3505-449D-9F7D-9EAFB4B20AE4}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [{7C1154A3-AA4A-4C90-AB3F-E3060D7DB9C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E5ACC65C-B4CA-4FD8-8A90-62E93113658D}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe
    FirewallRules: [{E2622863-3207-4880-964D-7BD7D33F9FE5}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe
    FirewallRules: [{4EB637AF-7AAD-4A1E-B0C5-73C2ABE7B4E6}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe
    FirewallRules: [TCP Query User{4216ACCD-CBA0-4E17-9533-C2F0EFD04F7C}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [UDP Query User{024AE92D-D783-4744-A956-3B228F4562C3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [{CFEA6052-80A5-42C1-859A-2D2B5BE3708E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B8D8B44-BD54-4BCC-82C0-54409558B759}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BE2CC715-F6E1-496A-903E-8C50EAECEA54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AB08FFC9-1DA7-4F94-AE32-C5CC76BDBD0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FC1F660B-688D-4924-8566-BB2974A509AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{849B581F-4293-4BE1-B02B-1E9BF319955E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4285960A-CBE1-4DB3-9095-191E85F1F1AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5069F59E-CB6F-43B8-93A0-F07702870259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CB68F697-494E-4251-8CEB-E36E7A05A6EB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{8DB29B7B-BEBA-4E79-82D9-138EB1870934}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2B0A9CD2-BBE3-43C4-BE2F-74EF522E90CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6C330BB5-0C96-4FF5-951C-8CB6F3CDFDCE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{9C3DCE6D-90B4-49FF-BB29-96DDBB6642D7}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{15D59E53-E5FA-4F04-9135-8837328F22DE}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
    FirewallRules: [{4CD02CE6-0A50-4C38-9ACC-599887ED1E81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5F5B3C9F-5F51-4B57-9920-CF62F2FF0CEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{62AB357C-ACCC-463D-BF92-76AF4032D4DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{2E048F7B-BADC-401D-B42C-4EBCDCDC4F9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{9BBA9312-6158-48FE-BD0F-83621CFAF46A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [{4933C144-A0E9-400E-9525-0626BBE4E321}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{F2ADD05A-8589-4644-9AD1-4FA275E7411D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [UDP Query User{8BE6C761-757C-418E-A153-4BC1103CC44A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{3227BCC3-4339-43C9-933F-021828564E6B}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe
    FirewallRules: [UDP Query User{365FAF24-A8AC-4099-85F2-A337E8D975A0}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe
    FirewallRules: [TCP Query User{8B5066A1-BC8E-442A-B40D-2EDBA50B1C44}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [UDP Query User{39DE6EC8-05F8-4097-B06F-75750CE53C96}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [TCP Query User{FC927C80-A0E0-4F1F-A65F-C5D31AD1E580}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe
    FirewallRules: [UDP Query User{F7CCECFE-A733-4A0F-A5FF-31B086EAB3D0}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe
    FirewallRules: [{13C703F7-2A8D-44AB-AF67-2828CC22A5F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{61301D62-466C-462C-AD4C-65B61B8F3C1E}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe
    FirewallRules: [{6EBA80BF-6D84-4B5C-AA1C-B431D3C0428B}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe
    FirewallRules: [TCP Query User{423D0705-D32A-4308-9D26-01FE0E0FCB1A}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
    FirewallRules: [UDP Query User{1F21AF50-F4CF-4351-A343-A370F60E53E2}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
    FirewallRules: [TCP Query User{B9D7F293-EAED-4519-BBBA-F4C51A693983}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe
    FirewallRules: [UDP Query User{A1E56447-F348-4D92-B67C-6C7A7029C787}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe
    FirewallRules: [TCP Query User{4BD39E76-691E-464D-8F94-5394CED0138E}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [UDP Query User{CC14FE42-BF9E-40E2-B84B-257AE8266B87}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [TCP Query User{4A14BFF1-CB80-42BA-A0E6-33823C906F7F}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe
    FirewallRules: [UDP Query User{E757250F-A42C-4677-BDAD-249C01D1A130}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe
    FirewallRules: [{B1CE1354-FF59-4A46-AA7F-4F593535F352}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{3603665B-8EAE-41CA-9938-D1614B6804FD}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    ==================== Faulty Device Manager Devices =============
    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (07/17/2015 02:33:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: Qt5Core.dll, version: 5.3.2.0, time stamp: 0x777a675f
    Exception code: 0xc0000005
    Fault offset: 0x0011ebe0
    Faulting process id: 0xde4
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3
    Error: (07/16/2015 07:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: c0xTral_v2.0_help.exe, version: 1.0.0.0, time stamp: 0x54e916c1
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7bd0
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x1190
    Faulting application start time: 0xc0xTral_v2.0_help.exe0
    Faulting application path: c0xTral_v2.0_help.exe1
    Faulting module path: c0xTral_v2.0_help.exe2
    Report Id: c0xTral_v2.0_help.exe3
    Error: (07/16/2015 07:16:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: c0xTral_v2.0_help.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Net.WebException
    Stack:
       at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
       at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
       at System.Windows.Forms.Control.Invoke(System.Delegate)
       at c0xTral_v2_0_help.Form1.getInfo(System.Object, System.EventArgs)
       at MobileDevice.iPhone.OnConnect(MobileDevice.ConnectEventArgs)
       at MobileDevice.iPhone.NotifyCallback(MobileDevice.AMDeviceNotificationCallbackInfo ByRef)
    Error: (07/16/2015 05:36:28 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={C84675B1-42C6-4034-AD52-2C0470D4430B}: The user Dan-PC\Dan dialed a connection named PdaNet Modem which has failed. The error code returned on failure is 633.
    Error: (07/16/2015 03:41:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: Qt5Core.dll, version: 5.3.2.0, time stamp: 0x777a675f
    Exception code: 0xc0000005
    Fault offset: 0x00179a60
    Faulting process id: 0x1364
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3
    Error: (07/16/2015 01:25:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Updater.exe, version: 1.0.0.0, time stamp: 0x557f7d83
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7bd0
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x22c4
    Faulting application start time: 0xUpdater.exe0
    Faulting application path: Updater.exe1
    Faulting module path: Updater.exe2
    Report Id: Updater.exe3
    Error: (07/16/2015 01:25:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Updater.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.OutOfMemoryException
    Stack:
       at System.Text.StringBuilder..ctor(System.String, Int32, Int32, Int32)
       at System.Diagnostics.StackTrace.ToString(TraceFormat)
       at System.Environment.GetStackTrace(System.Exception, Boolean)
       at System.Exception.GetStackTrace(Boolean)
       at System.Exception.ToString(Boolean, Boolean)
       at System.Exception.ToString()
       at ‏‎‌‌‪‫‎‪‎‍‫‬‫‬‭‎‮‮.‪‫‍‌‍‮‌‭‎‫‫‌‍‌‪‮()
       at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()
    Error: (07/16/2015 06:07:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: PSANHost.exe, version: 4.0.0.784, time stamp: 0x54ef9e20
    Faulting module name: PSINEnAg.dll, version: 4.0.0.847, time stamp: 0x54efa3e2
    Exception code: 0xc0000005
    Fault offset: 0x0001740e
    Faulting process id: 0x8f4
    Faulting application start time: 0xPSANHost.exe0
    Faulting application path: PSANHost.exe1
    Faulting module path: PSANHost.exe2
    Report Id: PSANHost.exe3
    Error: (07/15/2015 09:39:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15662
    Error: (07/15/2015 09:39:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15662

    System errors:
    =============
    Error: (07/17/2015 02:40:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:36:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:36:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:36:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:36:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:34:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:34:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:34:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:18:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.
    Error: (07/17/2015 02:14:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Microsoft Office:
    =========================
    CodeIntegrity Errors:
    ===================================
      Date: 2015-03-30 14:23:09.899
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2015-03-30 14:23:09.852
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
    Percentage of memory in use: 64%
    Total physical RAM: 3958.84 MB
    Available physical RAM: 1396.41 MB
    Total Virtual: 7915.88 MB
    Available Virtual: 4383.14 MB
    ==================== Drives ================================
    Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:90.37 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (Now.You.See.Me.2) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
    Drive f: (PENDRIVE) (Fixed) (Total:596.17 GB) (Free:550.62 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B9FF68F3)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 0002F694)
    Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
    ==================== End of log ============================
    • 13 replies
    • 137 views
  8. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    Thanks Broni! That worked! All seems good now with my machine. :)
    • 0
  9. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    I am unable to install Adobe Flash Player. How do I change this?


    • 0
  10. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    Sophos finished scanning fully this time around and found nothing. I can't find any log for it or the other scan logs from Sophos.
    • 0
  11. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    Happy Father's Day Broni!! OK, I have the last logs, but Sophos kept finding 1 malware, failed to clean it, and asked me to rerun Sophos again. I did this 3 times in a row and it still loops, not cleaning the malware. I will give it one more go and let you know what happens.

    Results of screen317's Security Check version 1.004
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Panda Antivirus Pro 2015
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 45
    Adobe Flash Player 17.0.0.188 Flash Player out of Date!
    Mozilla Firefox (38.0.5)
    Google Chrome (43.0.2357.124)
    Google Chrome (43.0.2357.81)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Exploit mbae-svc.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Malwarebytes Anti-Exploit mbae64.exe
    Malwarebytes Anti-Exploit mbae.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````




    Farbar Service Scanner Version: 17-01-2015
    Ran by Dan (administrator) on 20-06-2015 at 22:23:17
    Running from "C:\Users\Dan\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
    • 0
  12. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Dan at 2015-06-20 18:27:51 Run:1
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    2015-06-01 01:10 - 2015-06-02 18:58 - 0000600 _____ () C:\Users\Dan\AppData\Roaming\winscp.rnd
    2015-05-31 20:03 - 2015-06-02 21:22 - 0000600 _____ () C:\Users\Dan\AppData\Local\PUTTY.RND
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    C:\Users\Dan\AppData\Roaming\winscp.rnd => moved successfully.
    C:\Users\Dan\AppData\Local\PUTTY.RND => moved successfully.
    "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully

    ==== End of Fixlog 18:27:51 ====
    • 0
  13. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    Ok, here you go:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by Dan (administrator) on DAN-PC on 20-06-2015 15:45:20
    Running from C:\Users\Dan\Desktop
    Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Video\LogiTray.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\Video\FxSvr2.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
    HKLM-x32\...\Run: [LogitechVideoRepair] => C:\Program Files (x86)\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
    HKLM-x32\...\Run: [LogitechVideoTray] => C:\Program Files (x86)\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-04-09] (Siber Systems)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [576232 2010-07-04] (tzuk)
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [LogitechSoftwareUpdate] => C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
    ShellIconOverlayIdentifiers: [smartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2014-11-20] (SmartSoft Ltd.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=oa-skype
    SearchScopes: HKLM -> {88B1022D-34D8-49BE-8A5B-535422D035A1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> {B1D1EC45-E08F-4184-8807-C75BE7B98131} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {1B67FD76-466C-4AB1-96F2-EDEEACB2E436} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2015-03-26] ()
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2015-03-26] ()
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-09] (Siber Systems Inc.)
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-24] (Oracle Corporation)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-24] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-09] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-09] (Siber Systems Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
    Hosts: 127.0.0.1 albert.apple.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790
    FF Homepage: google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-24] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
    FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-04-09] (Siber Systems Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Extension: iMacros for Firefox - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-05-29]
    FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-04-09]
    FF HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-04]
    CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
    CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-04]
    CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-04]
    CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-04]
    CHR Extension: (Google Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-04]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-06-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-04]
    CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2015-06-04]
    CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-04]
    CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]

    Opera:
    =======
    OPR Extension: (2048 AI - bitcoin) - C:\Users\Dan\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-04-04]
    OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2015-04-09]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268464 2015-06-10] (Adobe Systems Incorporated) [File not signed]
    R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1032680 2014-10-03] (Camshare Inc.)
    S4 fbdpinger; c:\Program Files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [322416 2009-09-15] (Toshiba America Information Systems)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
    R2 GoogleSitemapGenerator; C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe [704512 2009-12-31] (Google Inc.) [File not signed]
    S4 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [804640 2015-03-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
    R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-07-04] (tzuk)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S4 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [297344 2009-08-13] ()
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
    R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-15] (Disc Soft Ltd)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [139880 2010-07-04] (tzuk)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-20] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-20 14:45 - 2015-06-20 14:45 - 00024942 _____ C:\Users\Dan\Desktop\combo.txt
    2015-06-20 14:40 - 2015-06-20 14:40 - 00024942 _____ C:\ComboFix.txt
    2015-06-20 14:13 - 2015-06-20 14:41 - 00000000 ____D C:\Qoobox
    2015-06-20 14:13 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
    2015-06-20 14:13 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
    2015-06-20 14:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2015-06-20 14:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2015-06-20 14:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2015-06-20 14:13 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
    2015-06-20 14:13 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
    2015-06-20 14:13 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
    2015-06-20 14:10 - 2015-06-20 14:10 - 05628633 ____R (Swearware) C:\Users\Dan\Desktop\ComboFix.exe
    2015-06-20 12:56 - 2015-06-20 12:56 - 00002047 _____ C:\Users\Dan\Desktop\AdwCleaner[s0].txt
    2015-06-20 12:47 - 2015-06-20 12:53 - 00000000 ____D C:\AdwCleaner
    2015-06-20 12:43 - 2015-06-20 12:43 - 00001139 _____ C:\Users\Dan\Desktop\JRT.txt
    2015-06-20 12:38 - 2015-06-20 12:38 - 00000000 ____D C:\RegBackup
    2015-06-20 12:37 - 2015-06-20 12:37 - 00001915 _____ C:\Users\Dan\Desktop\RKreport_SCN_06202015_123127.log
    2015-06-20 12:20 - 2015-06-20 12:20 - 02231296 _____ C:\Users\Dan\Desktop\adwcleaner_4.206.exe
    2015-06-20 12:19 - 2015-06-20 12:19 - 17659640 _____ C:\Users\Dan\Desktop\RogueKiller.exe
    2015-06-20 12:19 - 2015-06-20 12:19 - 02950750 _____ (Thisisu) C:\Users\Dan\Desktop\JRT.exe
    2015-06-20 11:45 - 2015-06-20 11:46 - 00050662 _____ C:\Users\Dan\Desktop\Addition.txt
    2015-06-20 11:43 - 2015-06-20 15:45 - 00021455 _____ C:\Users\Dan\Desktop\FRST.txt
    2015-06-20 11:43 - 2015-06-20 15:45 - 00000000 ____D C:\FRST
    2015-06-20 11:39 - 2015-06-20 11:39 - 00000000 ____D C:\Users\Dan\Desktop\text docs
    2015-06-20 11:38 - 2015-06-20 11:38 - 02109952 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
    2015-06-18 23:34 - 2015-06-18 23:43 - 87824756 _____ C:\Users\Dan\Downloads\packer_0.7.5_windows_amd64.zip
    2015-06-18 19:06 - 2015-06-18 19:06 - 00001043 _____ C:\Users\Dan\Desktop\MultiTool V2.lnk
    2015-06-18 18:49 - 2015-06-18 18:49 - 00000069 _____ C:\Users\Dan\Desktop\52.25.60.178.rdp
    2015-06-18 18:47 - 2015-06-18 19:06 - 00000000 ____D C:\Program Files (x86)\MultiTool V2
    2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Users\Dan\Downloads\MultiTool V2.0.0.0
    2015-06-18 17:39 - 2015-06-18 17:39 - 00001696 _____ C:\Users\Dan\Downloads\CFVM.pem
    2015-06-18 17:28 - 2015-06-18 17:33 - 43584726 _____ C:\Users\Dan\Downloads\MultiTool V2.0.0.0.rar
    2015-06-16 19:06 - 2015-06-16 19:06 - 00004233 _____ C:\Users\Dan\Downloads\sitemap.html
    2015-06-16 18:52 - 2015-06-16 18:52 - 00000053 _____ C:\Users\Dan\Downloads\googlec2e02c15b4ea250b.html
    2015-06-16 18:23 - 2015-06-16 18:24 - 00000000 ____D C:\Users\Dan\Documents\backupsite
    2015-06-16 18:21 - 2015-06-16 18:21 - 00187849 _____ C:\Users\Dan\Downloads\faucetinabox-r50.zip
    2015-06-16 18:21 - 2015-06-16 18:21 - 00000000 ____D C:\Users\Dan\Downloads\faucetinabox-r50
    2015-06-16 16:02 - 2015-06-16 16:02 - 00002158 _____ C:\Users\Dan\Desktop\Camfrog Video Chat.lnk
    2015-06-16 16:02 - 2015-06-16 16:02 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat
    2015-06-16 16:01 - 2015-06-16 16:02 - 11489848 _____ (Camshare, Inc.) C:\Users\Dan\Downloads\camfrog(1).exe
    2015-06-14 19:34 - 2015-06-14 19:34 - 24951944 _____ (Open Media LLC ) C:\Users\Dan\Downloads\4kvideodownloader_3.5(1).exe
    2015-06-14 12:43 - 2015-06-14 12:43 - 00000000 ____D C:\Users\Dan\Desktop\c0xtral_v2.0c_help
    2015-06-14 12:42 - 2015-06-14 12:42 - 00017155 _____ C:\Users\Dan\Desktop\c0xtral_v2.0c_help.zip
    2015-06-12 08:02 - 2015-01-29 13:21 - 00061712 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
    2015-06-11 16:26 - 2015-06-11 16:26 - 00000055 _____ C:\Users\Dan\Downloads\vmserver.rdp
    2015-06-11 16:25 - 2015-06-11 16:25 - 00000056 _____ C:\Users\Dan\Downloads\testbot.rdp
    2015-06-11 15:40 - 2015-06-11 15:47 - 00000000 ____D C:\69d56092833f256daafa
    2015-06-11 15:40 - 2015-06-11 15:40 - 00889416 _____ (Microsoft Corporation) C:\Users\Dan\Downloads\dotNetFx40_Full_setup.exe
    2015-06-11 15:25 - 2015-06-11 15:27 - 06552288 _____ (Microsoft Corporation) C:\Users\Dan\Downloads\vcredist_x86.exe
    2015-06-11 03:01 - 2015-06-11 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2015-06-10 09:17 - 2015-06-10 09:17 - 00000000 ____D C:\Users\Dan\AppData\Local\Logitech-LS
    2015-06-10 09:13 - 2015-06-10 09:13 - 00001978 _____ C:\Users\Public\Desktop\Logitech QuickCam.lnk
    2015-06-10 09:13 - 2015-06-10 09:13 - 00001873 _____ C:\Users\Public\Desktop\My Logitech Pictures.lnk
    2015-06-10 09:13 - 2015-06-10 09:13 - 00000728 _____ C:\windows\SysWOW64\Installer.log
    2015-06-10 09:13 - 2003-05-02 14:14 - 00466944 _____ (Microsoft Corporation) C:\windows\SysWOW64\capicom.dll
    2015-06-10 09:12 - 2005-06-08 15:13 - 00282624 _____ (Logitech Inc.) C:\windows\SysWOW64\camcpl.cpl
    2015-06-10 09:12 - 2005-06-08 15:12 - 00462848 _____ (Logitech Inc.) C:\windows\SysWOW64\LCamCpl.dll
    2015-06-10 09:12 - 2005-06-08 14:45 - 00086016 _____ (Logitech Inc.) C:\windows\SysWOW64\vatee.ax
    2015-06-10 09:12 - 2005-06-08 14:41 - 00466944 _____ (Logitech Inc.) C:\windows\SysWOW64\QCUI2.dll
    2015-06-10 09:12 - 2005-06-08 14:38 - 00090112 _____ (Logitech Inc.) C:\windows\SysWOW64\LQCUI2.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00856064 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\Ltwvc12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00628736 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltocx12n.ocx
    2015-06-10 09:12 - 2005-06-08 14:31 - 00406016 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltkrn12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00328704 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LFCMP12n.DLL
    2015-06-10 09:12 - 2005-06-08 14:31 - 00259072 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LTDIS12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00215552 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\Lvkrn12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00207872 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltefx12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00192512 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltscr12n.ocx
    2015-06-10 09:12 - 2005-06-08 14:31 - 00164864 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltimg12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00141312 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftif12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00131072 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltfil12n.DLL
    2015-06-10 09:12 - 2005-06-08 14:31 - 00078336 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lffax12n.dll
    2015-06-10 09:12 - 2005-06-08 14:31 - 00030720 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfbmp12n.dll
    2015-06-10 09:12 - 2003-06-09 20:39 - 00029795 _____ (Ingenient Technologies, Inc.) C:\windows\SysWOW64\ITIG726.acm
    2015-06-10 09:12 - 2003-03-18 22:20 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71.dll
    2015-06-10 09:12 - 2003-03-18 22:12 - 01047552 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71u.dll
    2015-06-10 09:12 - 2003-03-18 21:44 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71DEU.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71ITA.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71ESP.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71ENU.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00049152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71KOR.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00049152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71JPN.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71CHT.DLL
    2015-06-10 09:12 - 2003-03-18 21:44 - 00040960 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71CHS.DLL
    2015-06-10 09:12 - 2003-03-18 21:14 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
    2015-06-10 09:12 - 2003-03-18 20:05 - 00089088 _____ (Microsoft Corporation) C:\windows\SysWOW64\atl71.dll
    2015-06-10 09:12 - 2003-02-21 05:42 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
    2015-06-10 09:08 - 2015-06-10 09:12 - 00000000 ____D C:\Program Files (x86)\Logitech
    2015-06-10 09:08 - 2015-06-10 09:08 - 33823016 _____ (Logitech Inc. ) C:\Users\Dan\Downloads\qc848enu.exe
    2015-06-10 09:01 - 2015-06-10 09:03 - 00005540 _____ C:\windows\system32\lvcoinst.log
    2015-06-10 09:01 - 2015-06-10 09:01 - 00000000 ____D C:\Program Files\Common Files\logishrd
    2015-06-10 02:08 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-06-10 02:08 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2015-06-10 02:08 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-06-10 02:08 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-06-10 02:08 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-06-10 02:08 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2015-06-10 02:08 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-06-10 02:08 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2015-06-10 02:08 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2015-06-10 02:08 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-06-10 02:08 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2015-06-10 02:08 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-06-10 02:08 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2015-06-10 02:08 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2015-06-10 02:08 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2015-06-10 02:08 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-06-10 02:08 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2015-06-10 02:08 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2015-06-10 02:08 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2015-06-10 02:08 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-06-10 02:08 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2015-06-10 02:08 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2015-06-10 02:08 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-06-10 02:08 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2015-06-10 02:08 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-06-10 02:08 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-06-10 02:08 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2015-06-10 02:08 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-06-10 02:08 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-06-10 02:08 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-06-10 02:08 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-06-10 02:08 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2015-06-10 02:08 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2015-06-10 02:08 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2015-06-10 02:08 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-06-10 02:08 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-06-10 02:08 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-06-10 02:08 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2015-06-10 02:08 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2015-06-10 02:08 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2015-06-10 02:08 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-06-10 02:08 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2015-06-10 02:08 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-06-10 02:08 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-06-10 02:08 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-06-10 02:08 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2015-06-10 02:08 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2015-06-10 02:08 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2015-06-10 02:08 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2015-06-10 02:08 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2015-06-10 02:08 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2015-06-10 02:08 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-06-10 02:08 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-06-10 02:08 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-06-10 02:08 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-06-10 02:08 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-06-10 02:08 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2015-06-10 02:08 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-06-10 02:08 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-06-10 02:08 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-06-10 02:08 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-06-10 02:08 - 2015-05-08 23:27 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2015-06-10 02:08 - 2015-05-08 23:27 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2015-06-10 02:08 - 2015-05-08 23:27 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
    2015-06-10 02:08 - 2015-05-08 23:27 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2015-06-10 02:08 - 2015-05-08 23:26 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2015-06-10 02:08 - 2015-05-08 23:26 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2015-06-10 02:08 - 2015-05-08 23:26 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2015-06-10 02:08 - 2015-05-08 23:25 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2015-06-10 02:08 - 2015-05-08 23:20 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:13 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2015-06-10 02:08 - 2015-05-08 23:13 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2015-06-10 02:08 - 2015-05-08 23:12 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2015-06-10 02:08 - 2015-05-08 23:12 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2015-06-10 02:08 - 2015-05-08 23:12 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 22:01 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2015-06-10 02:08 - 2015-05-08 22:01 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2015-06-10 02:08 - 2015-05-08 21:59 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 21:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 21:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-10 02:08 - 2015-05-08 21:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-06-10 02:08 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
    2015-06-10 02:08 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
    2015-06-10 02:08 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
    2015-06-10 02:08 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
    2015-06-10 02:08 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
    2015-06-10 02:08 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
    2015-06-10 02:08 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
    2015-06-10 02:08 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
    2015-06-10 02:08 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
    2015-06-10 02:08 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
    2015-06-10 02:08 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
    2015-06-10 02:08 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
    2015-06-08 15:46 - 2015-06-20 11:25 - 00000000 ____D C:\Users\Dan\AppData\Local\ManyCam
    2015-06-08 15:43 - 2015-06-08 15:43 - 00000992 _____ C:\Users\Public\Desktop\ManyCam.lnk
    2015-06-08 15:43 - 2015-06-08 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
    2015-06-08 15:41 - 2015-06-08 16:11 - 00000000 ____D C:\Program Files (x86)\ManyCam
    2015-06-08 15:41 - 2015-06-08 15:46 - 00000000 ____D C:\ProgramData\ManyCam
    2015-06-08 14:58 - 2015-06-08 14:55 - 00000907 _____ C:\Users\Dan\Desktop\Sandboxed Web Browser.lnk
    2015-06-08 14:55 - 2015-06-08 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
    2015-06-08 14:08 - 2015-06-08 14:55 - 00000000 ____D C:\Program Files\Sandboxie
    2015-06-07 14:50 - 2015-06-07 15:57 - 00000000 ____D C:\Users\Dan\Desktop\Thai iCloud Bypass 6-7-2015
    2015-06-06 08:04 - 2015-06-06 08:05 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Dan\Downloads\flashplayer17_ha_install.exe
    2015-06-05 00:03 - 2015-06-05 00:04 - 00000000 ____D C:\Users\Dan\Downloads\Program
    2015-06-05 00:03 - 2015-06-05 00:03 - 00585138 _____ C:\Users\Dan\Downloads\Program.zip
    2015-06-04 18:17 - 2015-06-04 18:17 - 00000055 _____ C:\Users\Dan\Downloads\server420 (1).rdp
    2015-06-04 18:11 - 2015-06-04 18:11 - 00002274 _____ C:\Users\Dan\Desktop\Chrome App Launcher.lnk
    2015-06-04 18:11 - 2015-06-04 18:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-04 18:10 - 2015-06-04 18:10 - 00000000 ____D C:\Users\Dan\AppData\Local\RealVNC
    2015-06-04 18:09 - 2015-06-04 18:09 - 02558272 _____ (RealVNC Ltd) C:\Users\Dan\Downloads\VNC-Viewer-5.2.3-Windows-32bit.exe
    2015-06-04 18:09 - 2015-06-04 18:09 - 00000055 _____ C:\Users\Dan\Downloads\server420.rdp
    2015-06-04 17:59 - 2015-06-10 00:05 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-04 17:59 - 2015-06-04 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-04 17:52 - 2015-06-20 14:57 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-04 17:52 - 2015-06-20 12:54 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-04 17:52 - 2015-06-04 17:52 - 00003888 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-06-04 17:52 - 2015-06-04 17:52 - 00003636 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-06-04 17:13 - 2015-06-04 17:13 - 00001367 _____ C:\Users\Dan\Desktop\Remote Desktop Connection.lnk
    2015-06-04 08:04 - 2015-06-04 08:05 - 12335280 _____ (Bitcoin Core project) C:\Users\Dan\Downloads\bitcoin-0.10.2-win64-setup.exe
    2015-06-03 17:41 - 2015-06-03 17:52 - 00000000 ____D C:\Users\Dan\Google
    2015-06-03 17:41 - 2015-06-03 17:41 - 00001914 _____ C:\Users\Dan\Desktop\Google App Engine Launcher.lnk
    2015-06-03 17:41 - 2015-06-03 17:41 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Cloud SDK
    2015-06-03 17:29 - 2015-06-03 17:48 - 00000000 ____D C:\Users\Dan\AppData\Roaming\gcloud
    2015-06-03 17:29 - 2015-06-03 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
    2015-06-03 17:28 - 2015-06-03 17:29 - 00000000 ____D C:\python27_x64
    2015-06-03 17:16 - 2015-06-03 17:16 - 00715064 _____ C:\Users\Dan\Downloads\GoogleCloudSDKInstaller.exe
    2015-06-03 15:54 - 2015-06-04 19:20 - 00002010 ____H C:\Users\Dan\Documents\Default.rdp
    2015-06-03 12:00 - 2015-06-03 12:00 - 00579032 _____ C:\windows\Minidump\060315-24928-01.dmp
    2015-06-02 10:07 - 2015-06-02 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-01 01:45 - 2015-06-01 04:07 - 00000000 ____D C:\Users\Dan\Downloads\room_name
    2015-06-01 01:44 - 2015-06-01 01:44 - 00000557 _____ C:\Users\Dan\Downloads\room_name.zip
    2015-06-01 01:10 - 2015-06-02 18:58 - 00000600 _____ C:\Users\Dan\AppData\Roaming\winscp.rnd
    2015-06-01 00:44 - 2015-06-01 00:44 - 00001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2015-06-01 00:44 - 2015-06-01 00:44 - 00000954 _____ C:\Users\Public\Desktop\WinSCP.lnk
    2015-06-01 00:44 - 2015-06-01 00:44 - 00000000 ____D C:\Program Files (x86)\WinSCP
    2015-06-01 00:42 - 2015-06-01 00:43 - 05731080 _____ (Martin Prikryl ) C:\Users\Dan\Downloads\winscp573setup.exe
    2015-05-31 20:03 - 2015-06-02 21:22 - 00000600 _____ C:\Users\Dan\AppData\Local\PUTTY.RND
    2015-05-31 19:59 - 2015-05-31 19:59 - 00524288 _____ (Simon Tatham) C:\Users\Dan\Desktop\putty.exe
    2015-05-30 17:49 - 2015-05-30 17:53 - 00001562 _____ C:\Users\Dan\Desktop\Start Hotspot.lnk
    2015-05-30 17:49 - 2015-05-30 17:53 - 00001356 _____ C:\Users\Dan\Desktop\Stop Hotspot.lnk
    2015-05-30 17:24 - 2015-06-20 12:56 - 00000433 _____ C:\windows\system32\Drivers\etc\hosts.ics
    2015-05-30 00:23 - 2015-05-30 00:23 - 00000186 _____ C:\Users\Dan\Downloads\GP-Password.txt
    2015-05-29 23:28 - 2015-05-30 00:46 - 00000088 _____ C:\Users\Dan\Documents\camfrog room server code..txt
    2015-05-29 23:17 - 2015-06-01 04:15 - 00000000 ____D C:\Users\Dan\AppData\Local\Camfrog Single Server
    2015-05-29 23:17 - 2015-05-29 23:17 - 00000000 ____D C:\ProgramData\Camfrog Server
    2015-05-29 23:16 - 2015-05-29 23:16 - 04230728 _____ (Camshare Inc.) C:\Users\Dan\Downloads\camfrog_server.exe
    2015-05-29 17:27 - 2015-01-25 15:37 - 00000333 _____ C:\Users\Dan\Downloads\config.php
    2015-05-29 17:24 - 2015-05-29 17:24 - 00000000 ____D C:\Users\Dan\Downloads\faucetinabox-r49
    2015-05-29 17:23 - 2015-05-29 17:23 - 00187415 _____ C:\Users\Dan\Downloads\faucetinabox-r49.zip
    2015-05-28 18:24 - 2015-05-28 18:24 - 00000000 ____D C:\Users\Dan\Downloads\botlane-1.0
    2015-05-28 17:22 - 2015-05-28 17:23 - 00039770 _____ C:\Users\Dan\Downloads\botlane-1.0.zip
    2015-05-26 23:56 - 2015-05-26 23:56 - 00001952 _____ C:\Users\Dan\Desktop\Paltalk Messenger.lnk
    2015-05-26 23:56 - 2015-05-26 23:56 - 00001222 _____ C:\Users\Dan\Desktop\Upgrade to Paltalk Extreme.lnk
    2015-05-26 23:56 - 2015-05-26 23:56 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
    2015-05-25 18:34 - 2015-05-25 18:34 - 00378186 _____ C:\Keys_724238793581555464.plist
    2015-05-24 20:37 - 2015-05-24 20:36 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-05-24 20:36 - 2015-05-24 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-05-24 20:36 - 2015-05-24 20:36 - 00000000 ____D C:\Program Files (x86)\Java
    2015-05-24 20:31 - 2015-05-24 20:31 - 00561248 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jxpiinstall(1).exe
    2015-05-24 19:07 - 2015-05-24 20:41 - 00000000 ____D C:\c
    2015-05-24 18:46 - 2015-05-24 18:46 - 00002102 _____ C:\Users\Dan\Desktop\RADiMacros.lnk
    2015-05-24 18:14 - 2015-05-24 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMacros
    2015-05-24 18:14 - 2015-05-24 18:14 - 00000000 ____D C:\Program Files\Ipswitch
    2015-05-24 18:14 - 2015-05-24 18:14 - 00000000 ____D C:\Program Files (x86)\Ipswitch
    2015-05-24 18:08 - 2015-05-24 18:09 - 28860048 _____ (Ipswitch, Inc ) C:\Users\Dan\Downloads\iMacrosSetup_10.4.28.1074_x64.exe
    2015-05-22 14:26 - 2015-05-22 16:11 - 00000000 ____D C:\Users\Dan\Downloads\Thai icloud bypass
    2015-05-22 10:34 - 2015-05-22 10:34 - 00262144 ____N C:\windows\Minidump\052215-29484-01.dmp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-20 15:35 - 2015-05-14 23:22 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job
    2015-06-20 15:33 - 2015-03-30 20:51 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-06-20 14:29 - 2009-07-13 22:34 - 00000215 _____ C:\windows\system.ini
    2015-06-20 13:22 - 2015-02-28 14:32 - 00000000 ____D C:\Program Files (x86)\betternet
    2015-06-20 13:04 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-20 13:04 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-20 12:59 - 2014-10-10 20:57 - 01802547 _____ C:\windows\WindowsUpdate.log
    2015-06-20 12:56 - 2014-12-01 09:09 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-20 12:54 - 2014-12-02 01:21 - 00062850 _____ C:\windows\setupact.log
    2015-06-20 12:54 - 2009-12-12 02:43 - 00285460 _____ C:\windows\PFRO.log
    2015-06-20 12:54 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-06-20 12:34 - 2015-02-03 01:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-20 12:25 - 2015-02-03 01:40 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
    2015-06-20 12:01 - 2009-07-13 23:20 - 00000000 ____D C:\windows\L2Schemas
    2015-06-20 11:21 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
    2015-06-20 11:18 - 2014-11-05 01:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
    2015-06-20 10:54 - 2014-11-13 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
    2015-06-20 09:48 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-06-19 23:25 - 2014-10-12 19:33 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Bitcoin
    2015-06-19 23:24 - 2014-11-22 10:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Dogecoin
    2015-06-19 22:37 - 2014-10-12 19:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Azureus
    2015-06-19 18:44 - 2015-05-14 23:22 - 00000848 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job
    2015-06-19 18:27 - 2015-04-22 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2015-06-19 13:12 - 2014-10-14 23:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Camfrog
    2015-06-19 10:49 - 2009-07-14 01:08 - 00032630 _____ C:\windows\Tasks\SCHEDLGU.TXT
    2015-06-19 00:59 - 2014-11-04 15:24 - 00003490 _____ C:\windows\Sandboxie.ini
    2015-06-17 20:26 - 2014-11-23 16:03 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Primecoin
    2015-06-17 20:25 - 2014-11-23 16:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Litecoin
    2015-06-17 20:09 - 2014-11-23 16:04 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Quarkcoin
    2015-06-17 19:49 - 2015-02-09 15:24 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Paycoin
    2015-06-17 18:27 - 2014-11-23 16:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PPCoin
    2015-06-16 16:02 - 2014-10-14 23:11 - 00000000 ____D C:\Program Files (x86)\Camfrog
    2015-06-15 10:04 - 2014-11-12 15:59 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieBrowserModeList
    2015-06-15 10:04 - 2014-10-12 19:24 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieUserList
    2015-06-15 10:04 - 2014-10-12 19:24 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieSiteList
    2015-06-14 19:36 - 2015-05-09 18:20 - 00001235 _____ C:\Users\Dan\Desktop\4K Video Downloader.lnk
    2015-06-14 19:36 - 2015-05-09 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
    2015-06-13 04:56 - 2015-02-24 21:13 - 00000000 ____D C:\Users\DefaultAppPool
    2015-06-12 08:16 - 2015-04-04 10:51 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-06-11 15:39 - 2014-12-08 20:03 - 00000000 ____D C:\ProgramData\Package Cache
    2015-06-11 12:19 - 2015-05-02 10:10 - 00001373 _____ C:\Users\Dan\Desktop\MultiTool.lnk
    2015-06-10 13:52 - 2015-04-04 10:51 - 00003826 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1428159094
    2015-06-10 09:23 - 2009-07-14 01:13 - 00824886 _____ C:\windows\system32\PerfStringBackup.INI
    2015-06-10 09:13 - 2015-04-05 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2015-06-10 09:12 - 2009-12-12 02:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-06-10 04:22 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
    2015-06-10 03:29 - 2009-07-14 00:45 - 00407720 _____ C:\windows\system32\FNTCACHE.DAT
    2015-06-10 03:27 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
    2015-06-10 03:10 - 2014-10-10 21:01 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-06-10 03:09 - 2014-10-10 19:48 - 00000000 ____D C:\windows\system32\MRT
    2015-06-10 03:01 - 2014-10-10 19:48 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-06-10 01:34 - 2015-03-30 20:51 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-10 01:33 - 2015-03-30 20:51 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-06-10 01:33 - 2015-03-30 20:51 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-04 17:59 - 2015-02-24 21:13 - 00000000 ____D C:\Program Files (x86)\Google
    2015-06-04 17:59 - 2014-10-10 18:02 - 00000000 ____D C:\Users\Dan\AppData\Local\Google
    2015-06-04 17:56 - 2014-11-05 01:36 - 00000000 ____D C:\ProgramData\Skype
    2015-06-03 17:41 - 2014-10-10 17:53 - 00000000 ____D C:\Users\Dan
    2015-06-03 17:25 - 2009-12-12 02:27 - 00000000 ____D C:\Program Files\Google
    2015-06-03 12:00 - 2014-10-18 01:52 - 00000000 ____D C:\windows\Minidump
    2015-06-03 11:59 - 2014-12-03 15:54 - 412607953 _____ C:\windows\MEMORY.DMP
    2015-06-03 11:59 - 2014-10-10 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-29 05:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\Resources
    2015-05-27 21:58 - 2015-05-18 17:56 - 00009546 _____ C:\Users\Dan\Downloads\index.php
    2015-05-26 23:57 - 2014-10-19 21:46 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Paltalk
    2015-05-26 23:56 - 2014-10-19 21:46 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
    2015-05-24 20:37 - 2014-10-23 22:19 - 00000000 ____D C:\ProgramData\Oracle
    2015-05-24 18:42 - 2015-03-12 11:59 - 00000000 ____D C:\Users\Dan\Documents\iMacros
    2015-05-22 13:46 - 2014-10-14 23:11 - 00000000 ____D C:\ProgramData\Camfrog Update

    ==================== Files in the root of some directories =======

    2015-06-01 01:10 - 2015-06-02 18:58 - 0000600 _____ () C:\Users\Dan\AppData\Roaming\winscp.rnd
    2015-05-31 20:03 - 2015-06-02 21:22 - 0000600 _____ () C:\Users\Dan\AppData\Local\PUTTY.RND

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-13 01:54

    ==================== End of log ============================

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Dan at 2015-06-20 15:46:11
    Running from C:\Users\Dan\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3476291681-2796092440-1313146854-500 - Administrator - Disabled)
    Dan (S-1-5-21-3476291681-2796092440-1313146854-1000 - Administrator - Enabled) => C:\Users\Dan
    Guest (S-1-5-21-3476291681-2796092440-1313146854-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3476291681-2796092440-1313146854-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Antivirus Pro 2015 (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AS: Panda Antivirus Pro 2015 (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.6.1730 - Open Media LLC)
    Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    AnalogX Proxy (HKLM-x32\...\AnalogX Proxy_is1) (Version: 4.15 - AnalogX, LLC)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
    Betternet (HKLM-x32\...\Betternet) (Version: - )
    Bitcoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Bitcoin Core (64-bit)) (Version: 0.10.2 - Bitcoin Core project)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.480 - Camshare, Inc.)
    Coinbot (HKLM-x32\...\Coinbot_is1) (Version: - )
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Dogecoin Core (32-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Dogecoin Core (32-bit)) (Version: 1.8.0 - Dogecoin project)
    Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
    Dragon's Tale (HKLM-x32\...\Dragon's Tale) (Version: 1.00 - eGenesis)
    DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Eyeball Chat (HKLM-x32\...\{FDE9FAF8-E1EA-4EBC-A10C-A730F45C7258}) (Version: 58.26.1 - Eyeball Networks)
    Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.0.0 - Telerik)
    Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version: - )
    Foundstone Hash Calculator (Fiddler Extension) (HKLM-x32\...\{D206D869-2C99-4E36-8B87-7BDEC994999D}) (Version: 1.0.0 - Foundstone Inc., A Division Of McAfee)
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
    Free FLV to MP4 Converter version 1.0 (HKLM-x32\...\{74054B18-A989-49D4-A34A-5DC405F99983}_is1) (Version: 1.0 - )
    GadgetWide Cloud Control Service (HKLM-x32\...\{6147344A-2A3D-4CE0-9F09-E99CE1C45573}) (Version: 1.2.0.6 - GadgetWide)
    Genesis version Genesis Launcher 1.009 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.009 - Pawel D. alias Laplume for Genesis.)
    Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Grand Theft Auto V v.1.0.333.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - )
    HunterCoin (HKLM-x32\...\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}) (Version: 1.2.0.0 - HunterCoin)
    iMacros Version 10.4.28.1074 (x64) (HKLM\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 10.4.28.1074 - Ipswitch, Inc)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
    Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
    iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0528 - iRacing.com Motorsport Simulations)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    LINE (HKLM-x32\...\LINE) (Version: 4.0.0.278 - LINE Corporation)
    Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
    Logitech QuickCam Software (HKLM-x32\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
    Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    MultiTool V2 (HKLM-x32\...\MultiTool V2) (Version: 2.0.0.3 - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
    OE Classic 2.1 (HKLM-x32\...\OEClassic) (Version: 2.1 - OE Classic)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
    OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
    Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
    Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.)
    Panda Antivirus Pro 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.1.0 - Panda Security)
    Panda Antivirus Pro 2015 (Version: 7.82.00.0000 - Panda Security) Hidden
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Paycoin (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Paycoin) (Version: 0.1.2.26 - Paycoin project)
    PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
    Peerunity (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Peerunity) (Version: 0.1.1.0 - Peerunity project)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    ProfitCoin 1.1 (HKLM-x32\...\ProfitCoin 1.1) (Version: 1.1 - Hashprofit)
    Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
    Quark wallet (HKLM-x32\...\Quark wallet) (Version: - )
    Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
    RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
    RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Sandboxie 3.46 (64-bit) (HKLM\...\Sandboxie) (Version: - )
    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    SmartFTP Client (HKLM\...\{155F9DF4-7F8D-4B49-9B18-D9C882D0E847}) (Version: 6.0.2096.0 - SmartSoft Ltd.)
    Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
    The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
    Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft)
    Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
    TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    USB Scale PC Program Version 1.10 (HKLM-x32\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
    WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl)
    XAMPP (HKLM-x32\...\xampp) (Version: 5.5.19-0 - Bitnami)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    11-06-2015 15:38:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    16-06-2015 03:45:58 Windows Update
    19-06-2015 10:18:31 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-05-02 11:11 - 00000028 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 albert.apple.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {188BE237-3573-48D5-8C72-0A5151642C19} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
    Task: {4C7B1180-9420-4B84-AC0C-300D8D448E16} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-10-12] (Microsoft Corporation)
    Task: {7AAADE0B-7962-401A-93FD-DB9AF9C56C92} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
    Task: {85711BC5-1A78-435B-9364-C04A4C8DB0D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
    Task: {987580A1-478C-4E9F-B6BD-1EEFE9753B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
    Task: {AD873B5F-6952-49C5-9316-B54E138B3731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
    Task: {BBADAAD6-7C8D-4E47-A394-5DE73419725B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-17] (Google Inc.)
    Task: {CFA8336C-029A-48A3-B1E6-2538EB941CE8} - System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} => pcalua.exe -a "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows v2.0.14\iCloud Bypass Doulci Activator Setup.exe" -d "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows v2.0.14"
    Task: {E2A4EC6D-A4C4-4760-8EB4-18416A6B0417} - System32\Tasks\Opera scheduled Autoupdate 1428159094 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-12 13:23 - 2013-04-12 13:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2014-10-10 21:16 - 2009-10-02 16:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: camfrog_update_service => 2
    MSCONFIG\Services: cfWiMAXService => 2
    MSCONFIG\Services: ConfigFree Service => 2
    MSCONFIG\Services: fbdpinger => 2
    MSCONFIG\Services: iRacingService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: taisregispinger => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: Thpsrv => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
    MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\windows\pss\PdaNet Desktop.lnk.Startup
    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Application Experience => C:\Users\Dan\AppData\Roaming\Microsoft\AeLookupSvi.exe
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dan\AppData\Local\Auto Clicker\AutoClicker.exe :silent
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{7E097C68-0FD9-4FC9-B2D5-E641DCDCE35C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [uDP Query User{0409F56D-68FE-42CB-91FD-82D11AE229DA}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [TCP Query User{F4FF90B7-6A72-4127-9F4F-0CE161DDFD19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [uDP Query User{0D95B1A8-7002-42D9-83DA-1B6F6EB71430}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{4E932DD0-9FA0-48B2-A612-9092051DD111}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [uDP Query User{8F4419C7-837D-4ABF-90FC-1B5D7868E1E3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{0155E8D8-568B-4322-9241-4CA641320B31}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [uDP Query User{8BBCE6E3-05EE-47A7-9A9B-1DEC058AA7D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{E23A0796-1231-4C28-A288-488866DBCBCE}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe
    FirewallRules: [uDP Query User{3DBB2C7A-2ED0-4476-845E-5514523B50F2}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe
    FirewallRules: [TCP Query User{B716E153-A905-4BEB-8777-B6C0E6D96401}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [uDP Query User{6DCBDF40-F763-4364-ACEC-E0160D48CD35}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [TCP Query User{ABE029C0-7BD3-425B-A886-7E8CBCD7B6E8}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [uDP Query User{A1F832CD-6118-4F7B-8AC7-FCA1FF6A827E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [TCP Query User{6190AC66-CF36-4434-895E-FA80A4A1B5A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [uDP Query User{E12CE1E4-6018-4D64-8551-2A38C7B71BA5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D67F8877-930A-49AA-8E96-0F5923F3565A}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [uDP Query User{371F154F-D1CD-40A8-AE47-5D200F9B295E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe
    FirewallRules: [TCP Query User{B9139CB5-7D9B-4368-897C-266FA08CD8FB}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [uDP Query User{AC6162A9-F647-4250-8775-0C3E4C2AFCD6}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{943405E3-0C3F-4EFE-860A-4FDCACD04AD9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [uDP Query User{7119C0A7-9483-434B-8F14-8F28FC0D39AC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
    FirewallRules: [TCP Query User{A0B70BDB-77C0-4382-B4EA-9C96DBC3BE3E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [uDP Query User{1C4365BE-3505-449D-9F7D-9EAFB4B20AE4}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
    FirewallRules: [{7C1154A3-AA4A-4C90-AB3F-E3060D7DB9C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E5ACC65C-B4CA-4FD8-8A90-62E93113658D}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe
    FirewallRules: [{E2622863-3207-4880-964D-7BD7D33F9FE5}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe
    FirewallRules: [{4EB637AF-7AAD-4A1E-B0C5-73C2ABE7B4E6}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe
    FirewallRules: [TCP Query User{4216ACCD-CBA0-4E17-9533-C2F0EFD04F7C}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [uDP Query User{024AE92D-D783-4744-A956-3B228F4562C3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe
    FirewallRules: [{CFEA6052-80A5-42C1-859A-2D2B5BE3708E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B8D8B44-BD54-4BCC-82C0-54409558B759}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BE2CC715-F6E1-496A-903E-8C50EAECEA54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AB08FFC9-1DA7-4F94-AE32-C5CC76BDBD0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FC1F660B-688D-4924-8566-BB2974A509AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{849B581F-4293-4BE1-B02B-1E9BF319955E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4285960A-CBE1-4DB3-9095-191E85F1F1AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5069F59E-CB6F-43B8-93A0-F07702870259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CB68F697-494E-4251-8CEB-E36E7A05A6EB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{8DB29B7B-BEBA-4E79-82D9-138EB1870934}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2B0A9CD2-BBE3-43C4-BE2F-74EF522E90CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6C330BB5-0C96-4FF5-951C-8CB6F3CDFDCE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{9C3DCE6D-90B4-49FF-BB29-96DDBB6642D7}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
    FirewallRules: [{15D59E53-E5FA-4F04-9135-8837328F22DE}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
    FirewallRules: [{4CD02CE6-0A50-4C38-9ACC-599887ED1E81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5F5B3C9F-5F51-4B57-9920-CF62F2FF0CEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{62AB357C-ACCC-463D-BF92-76AF4032D4DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{2E048F7B-BADC-401D-B42C-4EBCDCDC4F9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{9BBA9312-6158-48FE-BD0F-83621CFAF46A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [{4933C144-A0E9-400E-9525-0626BBE4E321}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{F2ADD05A-8589-4644-9AD1-4FA275E7411D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [uDP Query User{8BE6C761-757C-418E-A153-4BC1103CC44A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{3227BCC3-4339-43C9-933F-021828564E6B}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe
    FirewallRules: [uDP Query User{365FAF24-A8AC-4099-85F2-A337E8D975A0}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe
    FirewallRules: [TCP Query User{8B5066A1-BC8E-442A-B40D-2EDBA50B1C44}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [uDP Query User{39DE6EC8-05F8-4097-B06F-75750CE53C96}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [TCP Query User{FC927C80-A0E0-4F1F-A65F-C5D31AD1E580}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe
    FirewallRules: [uDP Query User{F7CCECFE-A733-4A0F-A5FF-31B086EAB3D0}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe
    FirewallRules: [{13C703F7-2A8D-44AB-AF67-2828CC22A5F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{61301D62-466C-462C-AD4C-65B61B8F3C1E}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe
    FirewallRules: [{6EBA80BF-6D84-4B5C-AA1C-B431D3C0428B}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe
    FirewallRules: [TCP Query User{423D0705-D32A-4308-9D26-01FE0E0FCB1A}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
    FirewallRules: [uDP Query User{1F21AF50-F4CF-4351-A343-A370F60E53E2}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
    FirewallRules: [TCP Query User{B9D7F293-EAED-4519-BBBA-F4C51A693983}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe
    FirewallRules: [uDP Query User{A1E56447-F348-4D92-B67C-6C7A7029C787}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe
    FirewallRules: [TCP Query User{4BD39E76-691E-464D-8F94-5394CED0138E}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [uDP Query User{CC14FE42-BF9E-40E2-B84B-257AE8266B87}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe
    FirewallRules: [TCP Query User{4A14BFF1-CB80-42BA-A0E6-33823C906F7F}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe
    FirewallRules: [uDP Query User{E757250F-A42C-4677-BDAD-249C01D1A130}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe

    ==================== Faulty Device Manager Devices =============

    Name: ManyCam Virtual Webcam
    Description: ManyCam Virtual Webcam
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Visicom Media Inc.
    Service: ManyCam
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: ManyCam Virtual Microphone
    Description: ManyCam Virtual Microphone
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Visicom Media Inc.
    Service: mcaudrv_simple
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/20/2015 10:21:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: c0xTral_v2.0c_help.exe, version: 1.0.0.0, time stamp: 0x556dfddc
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7bd0
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x1af8
    Faulting application start time: 0xc0xTral_v2.0c_help.exe0
    Faulting application path: c0xTral_v2.0c_help.exe1
    Faulting module path: c0xTral_v2.0c_help.exe2
    Report Id: c0xTral_v2.0c_help.exe3

    Error: (06/20/2015 10:21:02 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: c0xTral_v2.0c_help.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.Net.Sockets.SocketException
    Stack:
    at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
    at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
    at c0xTral_v2._0c_help.Form1.getInfo(System.Object, System.EventArgs)
    at MobileDevice.iPhone.OnConnect(MobileDevice.ConnectEventArgs)
    at MobileDevice.iPhone.NotifyCallback(MobileDevice.AMDeviceNotificationCallbackInfo ByRef)

    Error: (06/19/2015 01:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
    Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
    Exception code: 0xc0000005
    Fault offset: 0x000000000004ad94
    Faulting process id: 0x740
    Faulting application start time: 0xwmprph.exe0
    Faulting application path: wmprph.exe1
    Faulting module path: wmprph.exe2
    Report Id: wmprph.exe3

    Error: (06/19/2015 00:15:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: Qt5Core.dll, version: 5.3.2.0, time stamp: 0x777a675f
    Exception code: 0xc0000005
    Fault offset: 0x00179a60
    Faulting process id: 0x1570
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3

    Error: (06/19/2015 00:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Exception code: 0xc0000005
    Fault offset: 0x00002da0
    Faulting process id: 0x1afc
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3

    Error: (06/19/2015 00:13:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: betternet.exe, version: 0.0.0.0, time stamp: 0x01285dc0
    Faulting module name: Qt5Core.dll, version: 5.3.2.0, time stamp: 0x777a675f
    Exception code: 0xc0000005
    Fault offset: 0x00179a60
    Faulting process id: 0x16a8
    Faulting application start time: 0xbetternet.exe0
    Faulting application path: betternet.exe1
    Faulting module path: betternet.exe2
    Report Id: betternet.exe3

    Error: (06/19/2015 10:10:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
    Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
    Exception code: 0xc0000005
    Fault offset: 0x000000000004ad94
    Faulting process id: 0x1bc8
    Faulting application start time: 0xwmprph.exe0
    Faulting application path: wmprph.exe1
    Faulting module path: wmprph.exe2
    Report Id: wmprph.exe3

    Error: (06/19/2015 03:09:39 AM) (Source: Wininit) (EventID: 1015) (User: )
    Description: A critical system process, C:\windows\system32\lsm.exe, failed with status code 1. The machine must now be restarted.

    Error: (06/18/2015 06:45:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MultiTool.exe, version: 2.0.0.0, time stamp: 0x556a2f43
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7bd0
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x2c1c
    Faulting application start time: 0xMultiTool.exe0
    Faulting application path: MultiTool.exe1
    Faulting module path: MultiTool.exe2
    Report Id: MultiTool.exe3

    Error: (06/18/2015 06:45:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: MultiTool.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileLoadException
    Stack:
    at ‍‌‮‬​‮‌‎‎‪‎‪‮‫‬‍‮​‮..ctor()
    at ‭‌‫‍‏​‎‍‍​‮‏‎‪‏‮‏‬‬‎‍‬‪​‎‮..ctor()
    at ‎‫‬‌‪‍‪‍‏‭‍‏‪‏‬​‭‏‭‮‏‫‮.‏​‍‌‎‪‮‭‮‫​‭‬​‭‭‍‫​‬‮‮‮‮()


    System errors:
    =============
    Error: (06/20/2015 02:28:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/20/2015 02:21:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/20/2015 01:22:28 PM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0

    Error: (06/20/2015 00:56:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (06/20/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Panda Devices Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (06/20/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/20/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/20/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/20/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (06/20/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    Microsoft Office:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-30 14:23:09.899
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-30 14:23:09.852
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel® Core i5 CPU M 430 @ 2.27GHz
    Percentage of memory in use: 37%
    Total physical RAM: 3958.84 MB
    Available physical RAM: 2490.01 MB
    Total Pagefile: 7915.88 MB
    Available Pagefile: 6234.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:76.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (Now.You.See.Me.2) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B9FF68F3)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

    ==================== End of log ============================
  14. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    OK, finished. I did not need RKill. Here is the ComboFix log:

    ComboFix 15-06-18.01 - Dan 20.06.2015 14:15:54.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.2772 [GMT -4:00]
    Running from: c:\users\Dan\Desktop\ComboFix.exe
    AV: Panda Antivirus Pro 2015 *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    SP: Panda Antivirus Pro 2015 *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-05-20 to 2015-06-20 )))))))))))))))))))))))))))))))
    .
    .
    2015-06-20 18:28 . 2015-06-20 18:28 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-06-20 18:28 . 2015-06-20 18:28 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2015-06-20 18:28 . 2015-06-20 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-06-20 16:47 . 2015-06-20 16:53 -------- d-----w- C:\AdwCleaner
    2015-06-20 16:38 . 2015-06-20 16:38 -------- d-----w- C:\RegBackup
    2015-06-20 15:43 . 2015-06-20 15:45 -------- d-----w- C:\FRST
    2015-06-19 14:20 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0378C76-974F-4CA9-A5EB-116A4C51FCFA}\mpengine.dll
    2015-06-18 22:47 . 2015-06-18 23:06 -------- d-----w- c:\program files (x86)\MultiTool V2
    2015-06-12 12:02 . 2015-01-29 17:21 61712 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
    2015-06-11 19:40 . 2015-06-11 19:47 -------- d-----w- C:\69d56092833f256daafa
    2015-06-11 07:01 . 2015-06-11 07:01 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2015-06-10 13:17 . 2015-06-10 13:17 -------- d-----w- c:\users\Dan\AppData\Local\Logitech-LS
    2015-06-10 13:01 . 2015-06-10 13:01 -------- d-----w- c:\program files\Common Files\logishrd
    2015-06-08 19:46 . 2015-06-20 15:25 -------- d-----w- c:\users\Dan\AppData\Local\ManyCam
    2015-06-08 19:41 . 2015-06-08 19:46 -------- d-----w- c:\programdata\ManyCam
    2015-06-08 19:41 . 2015-06-08 20:11 -------- d-----w- c:\program files (x86)\ManyCam
    2015-06-08 18:08 . 2015-06-08 18:55 -------- d-----w- c:\program files\Sandboxie
    2015-06-04 22:10 . 2015-06-04 22:10 -------- d-----w- c:\users\Dan\AppData\Local\RealVNC
    2015-06-03 21:41 . 2015-06-03 21:52 -------- d-----w- c:\users\Dan\Google
    2015-06-03 21:29 . 2015-06-03 21:48 -------- d-----w- c:\users\Dan\AppData\Roaming\gcloud
    2015-06-03 21:28 . 2015-06-03 21:29 -------- d-----w- C:\python27_x64
    2015-06-01 04:44 . 2015-06-01 04:44 -------- d-----w- c:\program files (x86)\WinSCP
    2015-05-30 03:17 . 2015-06-01 08:15 -------- d-----w- c:\users\Dan\AppData\Local\Camfrog Single Server
    2015-05-30 03:17 . 2015-05-30 03:17 -------- d-----w- c:\programdata\Camfrog Server
    2015-05-25 00:37 . 2015-05-25 00:37 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-05-25 00:37 . 2015-05-25 00:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-05-25 00:36 . 2015-05-25 00:36 -------- d-----w- c:\program files (x86)\Java
    2015-05-24 23:07 . 2015-05-25 00:41 -------- d-----w- C:\c
    2015-05-24 22:14 . 2015-05-24 22:14 -------- d-----w- c:\program files (x86)\Ipswitch
    2015-05-24 22:14 . 2015-05-24 22:14 -------- d-----w- c:\program files\Ipswitch
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-20 16:56 . 2014-12-01 13:09 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-20 16:25 . 2015-02-03 05:40 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-06-10 07:01 . 2014-10-10 23:48 140135120 ----a-w- c:\windows\system32\MRT.exe
    2015-06-10 05:33 . 2015-03-31 00:51 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-06-10 05:33 . 2015-03-31 00:51 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-05-09 03:13 . 2015-06-10 06:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-05-05 01:29 . 2015-05-13 04:04 342016 ----a-w- c:\windows\system32\schannel.dll
    2015-05-05 01:12 . 2015-05-13 04:04 248832 ----a-w- c:\windows\SysWow64\schannel.dll
    2015-05-04 00:38 . 2015-05-04 00:38 137421 ----a-w- c:\windows\Dragon's Tale Uninstaller.exe
    2015-05-03 21:34 . 2015-05-03 21:34 6334478 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}\HunterCoinD.exe
    2015-05-03 21:34 . 2015-05-03 21:34 10374656 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}\HunterCoinQTD.exe
    2015-05-03 21:34 . 2015-05-03 21:34 10374656 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}\HunterCoinQT.exe
    2015-05-01 13:17 . 2015-05-13 05:29 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-01 13:16 . 2015-05-13 05:29 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-04-20 03:17 . 2015-05-13 04:04 1647104 ----a-w- c:\windows\system32\DWrite.dll
    2015-04-20 03:17 . 2015-05-13 04:04 1179136 ----a-w- c:\windows\system32\FntCache.dll
    2015-04-20 02:56 . 2015-05-13 04:03 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-04-18 03:10 . 2015-05-13 04:04 460800 ----a-w- c:\windows\system32\certcli.dll
    2015-04-18 02:56 . 2015-05-13 04:04 342016 ----a-w- c:\windows\SysWow64\certcli.dll
    2015-04-14 13:37 . 2014-12-01 13:09 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-04-14 13:37 . 2014-12-01 13:09 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-04-14 13:37 . 2014-12-01 13:09 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-04-13 03:28 . 2015-05-13 04:04 328704 ----a-w- c:\windows\system32\services.exe
    2015-04-08 03:29 . 2015-05-13 04:03 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-04-08 03:29 . 2015-05-13 04:03 24576 ----a-w- c:\windows\system32\jnwmon.dll
    2015-04-08 03:14 . 2015-05-13 04:03 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-04-04 03:29 . 2015-05-13 04:04 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-04-04 03:29 . 2015-05-13 04:04 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-04-04 03:22 . 2015-05-13 04:04 210944 ----a-w- c:\windows\system32\wdigest.dll
    2015-04-04 03:22 . 2015-05-13 04:04 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-04-04 03:22 . 2015-05-13 04:04 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2015-04-04 03:22 . 2015-05-13 04:04 136192 ----a-w- c:\windows\system32\sspicli.dll
    2015-04-04 03:22 . 2015-05-13 04:04 28160 ----a-w- c:\windows\system32\secur32.dll
    2015-04-04 03:22 . 2015-05-13 04:04 314880 ----a-w- c:\windows\system32\msv1_0.dll
    2015-04-04 03:22 . 2015-05-13 04:04 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2015-04-04 03:22 . 2015-05-13 04:04 728064 ----a-w- c:\windows\system32\kerberos.dll
    2015-04-04 03:22 . 2015-05-13 04:04 1461760 ----a-w- c:\windows\system32\lsasrv.dll
    2015-04-04 03:22 . 2015-05-13 04:04 22016 ----a-w- c:\windows\system32\credssp.dll
    2015-04-04 03:20 . 2015-05-13 04:04 31232 ----a-w- c:\windows\system32\lsass.exe
    2015-04-04 03:20 . 2015-05-13 04:04 64000 ----a-w- c:\windows\system32\auditpol.exe
    2015-04-04 03:17 . 2015-05-13 04:04 60416 ----a-w- c:\windows\system32\msobjs.dll
    2015-04-04 03:17 . 2015-05-13 04:04 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-04-04 03:15 . 2015-05-13 04:04 686080 ----a-w- c:\windows\system32\adtschema.dll
    2015-04-04 03:05 . 2015-05-13 04:04 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2015-04-04 03:05 . 2015-05-13 04:04 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2015-04-04 03:05 . 2015-05-13 04:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2015-04-04 03:05 . 2015-05-13 04:04 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2015-04-04 03:05 . 2015-05-13 04:04 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2015-04-04 03:05 . 2015-05-13 04:04 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2015-04-04 03:05 . 2015-05-13 04:04 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    2015-04-04 03:04 . 2015-05-13 04:04 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
    2015-04-04 03:04 . 2015-05-13 04:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2015-04-04 03:01 . 2015-05-13 04:04 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
    2015-04-04 03:01 . 2015-05-13 04:04 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2015-04-04 02:59 . 2015-05-13 04:04 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
    2015-03-25 03:24 . 2015-04-15 14:12 98304 ----a-w- c:\windows\system32\wudriver.dll
    2015-03-25 03:24 . 2015-04-15 14:12 37376 ----a-w- c:\windows\system32\wups2.dll
    2015-03-25 03:24 . 2015-04-15 14:12 35328 ----a-w- c:\windows\system32\wups.dll
    2015-03-25 03:24 . 2015-04-15 14:12 3298816 ----a-w- c:\windows\system32\wucltux.dll
    2015-03-25 03:24 . 2015-04-15 14:12 2553856 ----a-w- c:\windows\system32\wuaueng.dll
    2015-03-25 03:24 . 2015-04-15 14:12 191488 ----a-w- c:\windows\system32\wuwebv.dll
    2015-03-25 03:24 . 2015-04-15 14:12 696320 ----a-w- c:\windows\system32\wuapi.dll
    2015-03-25 03:24 . 2015-04-15 14:12 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
    2015-03-25 03:23 . 2015-04-15 14:12 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2015-03-25 03:23 . 2015-04-15 14:12 36864 ----a-w- c:\windows\system32\wuapp.exe
    2015-03-25 03:23 . 2015-04-15 14:12 135168 ----a-w- c:\windows\system32\wuauclt.exe
    2015-03-25 03:00 . 2015-04-15 14:12 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
    2015-03-25 03:00 . 2015-04-15 14:12 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
    2015-03-25 03:00 . 2015-04-15 14:12 29696 ----a-w- c:\windows\SysWow64\wups.dll
    2015-03-25 03:00 . 2015-04-15 14:12 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2015-03-25 03:00 . 2015-04-15 14:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-04-09 110160]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 576232]
    "LogitechSoftwareUpdate"="c:\program files (x86)\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
    "Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
    "LogitechVideoRepair"="c:\program files (x86)\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "MaxGPOScriptWait"= 600 (0x258)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 fbdpinger;fbdpinger;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [x]
    R4 iRacingService;iRacing helper service;c:\program files (x86)\iRacing\iRacingService.exe;c:\program files (x86)\iRacing\iRacingService.exe [x]
    R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x]
    R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
    S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
    S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
    S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
    S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
    S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
    S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
    S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
    S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
    S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
    S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
    S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
    S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
    S2 camfrog_update_service;Camfrog Update Service;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [x]
    S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
    S2 GoogleSitemapGenerator;Google Sitemap Generator;c:\program files (x86)\Google\Google Sitemap Generator\SitemapService.exe;c:\program files (x86)\Google\Google Sitemap Generator\SitemapService.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
    S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
    S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
    S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
    S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
    S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
    S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-06-10 04:02 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-31 05:34]
    .
    2015-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-04 22:29]
    .
    2015-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-04 22:29]
    .
    2015-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000Core.job
    - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-15 03:22]
    .
    2015-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3476291681-2796092440-1313146854-1000UA.job
    - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-15 03:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-18 16414824]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\
    FF - prefs.js: browser.startup.homepage - google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-MultiBit 0.5.18 - c:\program files (x86)\Java\jre1.8.0_25\bin\javaw.exe
    AddRemove-ProfitCoin 1.1 - f:\e-currencys\Profitcoin\ProfitCoin\Uninstall.exe
    AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
    AddRemove-Litecoin - f:\e-currencys\Litecoin\uninstall.exe
    AddRemove-Primecoin - f:\e-currencys\Primecoin\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-06-20 14:40:45
    ComboFix-quarantined-files.txt 2015-06-20 18:40
    .
    Pre-Run: 82 736 046 080 bytes free
    Post-Run: 82 492 243 968 bytes free
    .
    - - End Of File - - 6D60A04F7AA5F36399BFE7D74ABF38E0

    • 0
  15. ProblemsRBad added a post in a topic [RESOLVED] My win7 laptop has malware (and removed) items   

    Ok, here are the logs, thanks a lot Broni:

    RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Dan [Administrator]
    Started from : C:\Users\Dan\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 06/20/2015 12:31:27

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 albert.apple.com

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
    --- User ---
    [MBR] 5907ba1df80cd8c9d3e7aebeb8273567
    [bSP] 33e8435467f816891a07df950e551886 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_02032015_004334.log - RKreport_DEL_02032015_004426.log - RKreport_SCN_03302015_130516.log - RKreport_DEL_03302015_130547.log
    RKreport_SCN_05102015_154717.log - RKreport_DEL_05102015_154731.log

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 20.06.2015
    Scan Time: 11:25:28
    Logfile: mbamlog.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.20.02
    Rootkit Database: v2015.06.15.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Dan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 431252
    Time Elapsed: 33 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.MusixLib.A, C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\jetpack\jid1-lPOiBAxFFMUSIX@jetpack, Quarantined, [ec065864dbaffe38ce8051a3847ff907],
    PUP.Optional.MusixLib.A, C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\jetpack\jid1-lPOiBAxFFMUSIX@jetpack\simple-storage, Quarantined, [ec065864dbaffe38ce8051a3847ff907],

    Files: 3
    PUP.Optional.PerformerSoft.A, C:\Users\Dan\Downloads\setup.exe, Quarantined, [5e941d9ff793a98de39e0580c73f4ab6],
    PUP.Optional.MusixLib.A, C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\extensions\jid1-lPOiBAxFFMUSIX@jetpack.xpi, Quarantined, [2bc7b90394f6063061fb7c183fc6aa56],
    PUP.Optional.MusixLib.A, C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\bj93ez97.default-1427226481790\jetpack\jid1-lPOiBAxFFMUSIX@jetpack\simple-storage\store.json, Quarantined, [ec065864dbaffe38ce8051a3847ff907],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 7.0.3 (06.19.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Dan on 20.06.2015 at 12:38:03,54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\Dan\appdata\local\crashrpt



    ~~~ FireFox




    ~~~ Chrome


    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Dan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 20.06.2015 at 12:43:15,31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    --------------------------------------------------------------------------------------------------------------------------------------------------------------------

    # AdwCleaner v4.206 - Logfile created 20/06/2015 at 12:53:43
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-17.1 [server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Dan - DAN-PC
    # Running from : C:\Users\Dan\Desktop\adwcleaner_4.206.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : mcaudrv_simple
    [#] Service Deleted : ManyCam

    ***** [ Files / Folders ] *****

    File Deleted : C:\windows\System32\drivers\mcaudrv_x64.sys
    File Deleted : C:\windows\System32\drivers\mcvidrv.sys

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v38.0.5 (x86 en-US)


    -\\ Google Chrome v43.0.2357.124

    [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Opera v30.0.1835.59


    *************************

    AdwCleaner[R0].txt - [1947 bytes] - [20/06/2015 12:47:19]
    AdwCleaner[s0].txt - [1900 bytes] - [20/06/2015 12:53:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1959 bytes] ##########

    • 0