  #16  
Old January 10th, 2016, 01:27 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
How is the PC running now?
Please post fresh FRST logs for my check. (Frst.txt and Additional.txt)
  #17  
Old January 14th, 2016, 06:42 AM
danasegarane danasegarane is offline
Member
 
Join Date: Jun 2007
Posts: 63
PC Looks Good Now.

Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Dan (administrator) on DESKTOP-M3F0DT2 (14-01-2016 11:09:46)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Don HO don.h@free.fr) E:\CBAKUP\npp.6.6.8.bin\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [653560 2015-01-07] (Károly Pados)
HKLM-x32\...\Run: [BCSSync] => H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-31] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [FolderTransfer] => C:\Program Files (x86)\FolderTransfer\FolderTransfer.exe h
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3179ae60-da64-47e9-bfcb-5246491b9c2d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3970575942-993616519-1242115057-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-12-31] (Webroot)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> H:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-12-31] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-28] (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
  #18  
Old January 14th, 2016, 06:43 AM
danasegarane danasegarane is offline
Member
 
Join Date: Jun 2007
Posts: 63
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Extension: User Agent Switcher - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-11-12]
FF Extension: Save Images - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\LDSI_plashcor@gmail.com.xpi [2015-11-22]
FF Extension: ScrapBook - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2015-12-04]
FF Extension: WOT - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Save Image in Folder - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-17]
FF Extension: FlashGot - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-12-31]
FF Extension: DownThemAll! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-01-01]
FF Extension: LastPass - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\support@lastpass.com [2016-01-07]
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\Extensions\firebug@software.joehewitt.com.xpi [2015-12-19] [not signed]
FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer => not found
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer => not found

Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; H:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-08-11] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS_1; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS_1\MSSQL\Binn\sqlservr.exe [40999448 2008-08-11] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS_1; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS_1\MSSQL\Binn\fdlauncher.exe [31256 2008-07-10] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-08-11] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS_1; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS_1\MSSQL\Binn\SQLAGENT.EXE [369688 2008-08-11] (Microsoft Corporation)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [653560 2015-01-07] (Károly Pados)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-31] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ctxusbr; C:\Windows\System32\drivers\ctxusbr.sys [79192 2015-07-01] (Citrix Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-17] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-09] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-11-25] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-25] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [45104 2015-12-19] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 11:02 - 2016-01-14 11:02 - 00016148 _____ C:\Windows\system32\DESKTOP-M3F0DT2_Dan_HistoryPrediction.bin
2016-01-14 08:34 - 2016-01-14 08:34 - 00016958 _____ C:\Users\Dan\Downloads\launch (7).ica
2016-01-10 08:09 - 2016-01-10 08:09 - 00000000 ____D C:\Users\Dan\.vs
2016-01-09 16:55 - 2016-01-09 16:55 - 00301607 _____ C:\Users\Dan\Downloads\540f8834fd6cab7cd31d60673d89fbb5.ico.zip
2016-01-09 10:36 - 2016-01-09 10:38 - 00018058 _____ C:\Users\Dan\Desktop\scan_160109-083522.txt
2016-01-09 10:34 - 2016-01-09 11:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 10:31 - 2016-01-09 10:31 - 00000000 ____D C:\Users\Dan\AppData\Local\PeerDistRepub
2016-01-09 08:32 - 2016-01-09 08:32 - 00000755 _____ C:\Users\Dan\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-09 08:31 - 2016-01-09 08:32 - 00000000 ____D C:\EEK
2016-01-09 08:10 - 2016-01-09 08:10 - 00008291 _____ C:\Users\Dan\Desktop\zoek-results.txt
2016-01-09 07:56 - 2016-01-09 06:39 - 173451024 _____ C:\Users\Dan\Downloads\EmsisoftEmergencyKit.exe
2016-01-09 07:47 - 2016-01-09 08:01 - 00000000 ____D C:\zoek_backup
2016-01-09 07:45 - 2016-01-09 07:45 - 00000188 _____ C:\Users\Dan\Downloads\Fixlist(1).txt
2016-01-09 07:44 - 2016-01-09 07:47 - 01309184 _____ C:\Users\Dan\Downloads\zoek.exe
2016-01-09 07:33 - 2016-01-09 07:40 - 00007268 _____ C:\Users\Dan\Desktop\Fixlog.txt
2016-01-09 07:28 - 2016-01-09 07:28 - 00003123 _____ C:\Users\Dan\Downloads\Fixlist.txt
2016-01-09 07:28 - 2015-12-01 12:31 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-01-09 07:28 - 2015-12-01 11:21 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-01-09 07:28 - 2015-12-01 10:29 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-01-09 07:28 - 2015-11-25 11:12 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-01-09 07:28 - 2015-11-25 11:12 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-01-09 07:28 - 2015-11-25 11:11 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-09 07:28 - 2015-11-25 11:03 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-09 07:28 - 2015-11-25 10:57 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-09 07:28 - 2015-11-25 10:42 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-01-09 07:28 - 2015-11-25 10:41 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-09 07:28 - 2015-11-25 10:39 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-01-09 07:28 - 2015-11-25 10:31 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:18 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:14 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-01-09 07:28 - 2015-11-25 10:12 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-09 07:28 - 2015-11-25 10:07 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-01-09 07:28 - 2015-11-25 10:06 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-01-09 07:28 - 2015-11-25 10:05 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-01-09 07:28 - 2015-11-25 10:05 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2016-01-09 07:28 - 2015-11-25 10:04 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-09 07:28 - 2015-11-25 10:01 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2016-01-09 07:28 - 2015-11-25 10:00 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2016-01-09 07:28 - 2015-11-25 10:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-09 07:28 - 2015-11-25 10:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2016-01-09 07:28 - 2015-11-25 09:59 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-09 07:28 - 2015-11-25 09:59 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2016-01-09 07:28 - 2015-11-25 09:58 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-09 07:28 - 2015-11-25 09:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-09 07:28 - 2015-11-25 09:57 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-01-09 07:28 - 2015-11-25 09:56 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-01-09 07:28 - 2015-11-25 09:55 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-01-09 07:28 - 2015-11-25 09:53 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-09 07:28 - 2015-11-25 09:53 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-01-09 07:28 - 2015-11-25 09:53 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-09 07:28 - 2015-11-25 09:52 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-01-09 07:28 - 2015-11-25 09:52 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-01-09 07:28 - 2015-11-25 09:52 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2016-01-09 07:28 - 2015-11-25 09:49 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-01-09 07:28 - 2015-11-25 09:48 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-01-09 07:28 - 2015-11-25 09:47 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-01-09 07:28 - 2015-11-25 09:46 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-01-09 07:28 - 2015-11-25 09:46 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2016-01-09 07:28 - 2015-11-25 09:43 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-01-09 07:28 - 2015-11-25 09:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-01-09 07:28 - 2015-11-25 09:38 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2016-01-09 07:28 - 2015-11-25 09:35 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-09 07:28 - 2015-11-25 09:34 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-01-09 07:28 - 2015-11-25 09:34 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2016-01-09 07:28 - 2015-11-25 09:34 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-09 07:28 - 2015-11-25 08:22 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2016-01-09 07:28 - 2015-11-25 08:22 - 00775312 _____ C:\Windows\system32\locale.nls
2016-01-09 07:27 - 2015-12-01 11:33 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2016-01-09 07:27 - 2015-12-01 11:24 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-01-09 07:27 - 2015-12-01 11:19 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-09 07:27 - 2015-12-01 10:32 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-09 07:27 - 2015-11-25 11:10 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-01-09 07:27 - 2015-11-25 11:02 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2016-01-09 07:27 - 2015-11-25 10:29 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2016-01-09 07:27 - 2015-11-25 10:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2016-01-09 07:27 - 2015-11-25 09:56 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2016-01-09 07:27 - 2015-11-25 09:55 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-09 07:27 - 2015-11-25 09:49 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-01-09 07:27 - 2015-11-25 09:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-09 00:21 - 2016-01-09 00:21 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-01-09 00:19 - 2016-01-09 00:19 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-01-09 00:14 - 2016-01-09 00:14 - 00000000 ____D C:\Program Files\IIS Express
2016-01-09 00:14 - 2016-01-09 00:14 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-01-09 00:14 - 2016-01-09 00:14 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-01-09 00:13 - 2016-01-09 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\ProgramData\NuGet
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\Program Files\IIS
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\Program Files (x86)\IIS
2016-01-09 00:11 - 2016-01-09 00:11 - 00001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-01-09 00:11 - 2016-01-09 00:11 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-01-09 00:11 - 2016-01-09 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-01-09 00:09 - 2016-01-09 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-01-09 00:07 - 2016-01-09 00:07 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-01-09 00:04 - 2016-01-09 00:04 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-01-09 00:04 - 2016-01-09 00:04 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-01-08 22:51 - 2016-01-08 22:51 - 00001046 _____ C:\Users\Dan\Desktop\MBM.txt
2016-01-08 22:38 - 2016-01-09 07:38 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-08 22:38 - 2016-01-08 22:54 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-08 22:35 - 2016-01-04 14:27 - 20835400 _____ C:\Users\Dan\Downloads\RogueKiller.exe
2016-01-08 22:34 - 2015-10-09 04:08 - 22908888 _____ (Malwarebytes ) C:\Users\Dan\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-07 08:57 - 2016-01-07 08:57 - 00002159 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2016-01-07 08:57 - 2016-01-07 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-01-07 08:57 - 2016-01-07 08:57 - 00000000 ____D C:\Program Files (x86)\SDA
2016-01-07 08:56 - 2016-01-07 08:56 - 06286748 _____ C:\Users\Dan\Downloads\SDFormatterv4.zip
2016-01-07 08:56 - 2016-01-07 08:56 - 00000000 ____D C:\Users\Dan\Downloads\SDFormatterv4
2016-01-07 08:02 - 2016-01-07 08:02 - 00002884 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-07 08:02 - 2016-01-07 08:02 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-07 08:02 - 2016-01-07 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-06 22:42 - 2016-01-06 22:52 - 00034171 _____ C:\Users\Dan\Desktop\Addition.txt
2016-01-06 22:41 - 2016-01-14 11:09 - 00028711 _____ C:\Users\Dan\Desktop\FRST.txt
2016-01-06 22:40 - 2016-01-14 11:09 - 00000000 ____D C:\FRST
2016-01-06 22:39 - 2016-01-07 08:00 - 00000000 ____D C:\Users\Dan\Desktop\Ccleaner Professional v5.12.5431 FINAL + Serials [TechTools.net]
2016-01-06 22:39 - 2015-12-29 22:44 - 22474820 ____N C:\Users\Dan\Desktop\Revo Uninstaller Pro 3.1.4.rar
2016-01-06 22:38 - 2016-01-04 21:07 - 02370560 ____N (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-01-06 22:38 - 2016-01-01 21:28 - 46525608 ____N (Safer-Networking Ltd. ) C:\Users\Dan\Desktop\spybot-2.4.exe
2016-01-01 10:39 - 2016-01-01 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2016-01-01 10:38 - 2016-01-01 10:38 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-01-01 10:37 - 2016-01-09 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-01-01 10:36 - 2016-01-09 11:41 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-01-01 10:36 - 2016-01-09 11:40 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-01-01 10:28 - 2016-01-01 10:28 - 00000000 ____D C:\Windows\symbols
2016-01-01 10:23 - 2016-01-01 10:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dan\Downloads\HijackThis.exe
2016-01-01 08:55 - 2016-01-01 08:55 - 00000000 ____D C:\Users\Dan\AppData\Local\VSIXInstaller
2016-01-01 07:40 - 2016-01-08 22:26 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-01 07:39 - 2016-01-08 22:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-01 07:25 - 2015-12-01 20:13 - 161199376 _____ (AVAST Software) C:\Users\Dan\Downloads\avast_free_antivirus_setup.exe
2015-12-31 21:52 - 2015-12-31 21:52 - 00000000 ____D C:\ProgramData\VsTelemetry
2015-12-31 16:57 - 2015-12-31 16:57 - 00000000 ____D C:\Users\Dan\Downloads\DataTables-1.10.10
2015-12-31 16:56 - 2015-12-31 16:56 - 02032600 _____ C:\Users\Dan\Downloads\DataTables-1.10.10.zip
2015-12-31 15:06 - 2015-12-31 15:16 - 00000218 _____ C:\Users\Dan\Documents\36236.txt
2015-12-31 13:03 - 2015-12-31 13:03 - 00017032 _____ C:\Users\Dan\Downloads\launch (6).ica
2015-12-31 12:01 - 2015-12-31 12:01 - 00017032 _____ C:\Users\Dan\Downloads\launch (5).ica
2015-12-31 11:26 - 2015-12-31 11:26 - 00017032 _____ C:\Users\Dan\Downloads\launch (4).ica
2015-12-28 22:07 - 2015-11-23 22:49 - 20372802 _____ C:\Users\Dan\Desktop\w.apk
2015-12-25 19:43 - 2016-01-09 07:11 - 00000000 ____D C:\Users\Dan\Documents\Visual Studio 2015
2015-12-25 19:11 - 2015-12-25 19:11 - 00000000 ____D C:\ProgramData\Microsoft DNX
2015-12-25 18:47 - 2016-01-09 00:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2015-12-25 07:44 - 2015-12-25 18:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-19 13:55 - 2015-12-19 13:55 - 00550794 _____ C:\Users\Dan\Downloads\font-awesome-4.5.0.zip
2015-12-19 13:55 - 2015-12-19 13:55 - 00000000 ____D C:\Users\Dan\Downloads\font-awesome-4.5.0
2015-12-19 13:49 - 2015-12-19 13:49 - 00559127 _____ C:\Users\Dan\Downloads\font-awesome_4.4.0_fonts_fontawesome-webfont.svg v=4.4.0#fontawesomeregular.svg
2015-12-19 13:49 - 2015-12-19 13:49 - 00000000 ____D C:\Users\Dan\Downloads\font-awesome_4.4.0_fonts_fontawesome-webfont.svg v=4.4.0#fontawesomeregular_files
2015-12-19 13:47 - 2015-12-19 13:47 - 00138204 _____ C:\Users\Dan\Downloads\fontawesome-webfont.ttf
2015-12-19 13:47 - 2015-12-19 13:47 - 00081284 _____ C:\Users\Dan\Downloads\fontawesome-webfont.woff
2015-12-19 13:47 - 2015-12-19 13:47 - 00064464 _____ C:\Users\Dan\Downloads\fontawesome-webfont.woff2
2015-12-19 13:46 - 2015-12-19 13:46 - 00068875 _____ C:\Users\Dan\Downloads\fontawesome-webfont(1).eot
2015-12-19 13:45 - 2015-12-19 13:45 - 00068875 _____ C:\Users\Dan\Downloads\fontawesome-webfont.eot
2015-12-19 10:35 - 2015-12-19 10:35 - 00001593 _____ C:\Users\Dan\Desktop\dsfdsfd.txt
2015-12-18 22:38 - 2015-12-18 22:38 - 00007290 _____ C:\Users\Dan\Desktop\sdfdsfsdfsd.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 11:08 - 2015-10-18 08:40 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\LastPass
2016-01-14 11:05 - 2015-10-25 14:02 - 00000000 ____D C:\ProgramData\WRData
2016-01-14 11:03 - 2015-11-22 11:14 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-14 11:02 - 2015-11-01 09:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 11:02 - 2015-10-17 22:31 - 00000000 __SHD C:\Users\Dan\IntelGraphicsProfiles
2016-01-14 08:59 - 2015-11-22 11:14 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-14 08:51 - 2015-07-10 16:32 - 00000000 ____D C:\Windows\INF
2016-01-14 08:50 - 2015-12-13 08:54 - 00000000 ____D C:\ProgramData\VMware
2016-01-14 08:50 - 2015-07-10 17:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 08:49 - 2015-07-10 16:34 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 08:49 - 2015-07-10 14:35 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-14 08:43 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\AppReadiness
2016-01-14 08:28 - 2015-11-22 07:19 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{54FC93EC-6F00-4043-82BC-C9113A2F67CF}
2016-01-10 08:38 - 2015-12-02 13:42 - 00000000 ____D C:\Users\Dan\Desktop\Photos
2016-01-10 08:09 - 2015-10-18 03:39 - 00000000 ____D C:\Users\Dan
2016-01-09 18:06 - 2015-10-18 17:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2016-01-09 15:45 - 2015-11-15 10:23 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\Temp
2016-01-09 11:49 - 2015-10-18 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-01-09 11:49 - 2015-07-10 16:34 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-09 11:45 - 2015-10-18 18:37 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-01-09 11:45 - 2015-10-18 18:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-09 11:45 - 2015-10-18 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-01-09 11:39 - 2015-10-18 18:43 - 00000000 ____D C:\Program Files\MSBuild
2016-01-09 11:15 - 2015-07-10 16:25 - 00000000 ____D C:\Windows\CbsTemp
2016-01-09 11:12 - 2015-10-17 15:14 - 01158450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-09 11:03 - 2015-07-10 17:50 - 00284632 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-09 11:01 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\system32\oobe
2016-01-09 11:01 - 2015-07-10 14:35 - 00000000 ____D C:\Windows
2016-01-09 11:00 - 2015-10-24 08:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-09 10:57 - 2015-10-17 20:05 - 00000000 ____D C:\Windows\system32\MRT
2016-01-09 10:51 - 2015-10-17 20:05 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-09 10:43 - 2015-10-18 04:33 - 00000000 ____D C:\Windows\Panther
2016-01-09 10:42 - 2015-07-10 16:34 - 00000167 _____ C:\Windows\win.ini
2016-01-09 10:39 - 2015-12-01 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-01-09 00:21 - 2015-10-18 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-01-09 00:09 - 2015-10-18 18:41 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-01-09 00:08 - 2015-10-18 18:34 - 00000000 ____D C:\Windows\system32\1033
2016-01-08 22:28 - 2015-12-01 06:42 - 00000000 ____D C:\ProgramData\TEMP
2016-01-07 08:56 - 2015-11-13 22:47 - 00000000 ____D C:\Users\Dan\AppData\Local\Downloaded Installations
2016-01-07 08:03 - 2015-10-24 07:59 - 00000000 ____D C:\Program Files\CCleaner
2016-01-03 07:10 - 2015-07-10 16:36 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 07:10 - 2015-07-10 16:36 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 21:52 - 2015-10-18 18:47 - 00000000 ____D C:\Users\Dan\Documents\Visual Studio 2012
2016-01-01 10:31 - 2015-07-10 16:34 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-01 10:24 - 2015-10-18 03:40 - 00000000 ____D C:\Users\Dan\AppData\Local\VirtualStore
2016-01-01 09:22 - 2015-10-24 22:35 - 00000000 ____D C:\ProgramData\Nero
2016-01-01 09:14 - 2015-11-10 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-12-31 12:04 - 2015-10-25 14:02 - 00170760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-12-31 12:04 - 2015-10-25 14:02 - 00105888 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-12-25 19:17 - 2015-10-18 18:37 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-12-25 18:58 - 2015-10-18 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-12-25 18:51 - 2015-10-18 18:37 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-12-25 18:27 - 2015-10-18 07:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-25 07:39 - 2015-07-10 16:34 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-25 07:38 - 2015-10-22 09:30 - 00000000 ____D C:\ProgramData\BlueStacks
2015-12-19 21:04 - 2015-11-22 11:14 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-19 20:18 - 2015-10-25 14:03 - 00045104 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys

==================== Files in the root of some directories =======

2015-09-09 01:32 - 2015-09-09 01:32 - 0010293 _____ () C:\ProgramData\regid.2009-06.com.flexerasoftware_C684BD0A-6B53-4E5E-844A-A537255932EE.swidtag

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-02 22:16

==================== End of FRST.txt ============================
  #19  
Old January 14th, 2016, 06:45 AM
danasegarane
Member
 
Join Date: Jun 2007
Posts: 63
Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Dan (2016-01-14 11:10:12)
Running from C:\Users\Dan\Desktop
Windows 10 Pro (X64) (2015-10-17 22:09:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3970575942-993616519-1242115057-500 - Administrator - Disabled)
Dan (S-1-5-21-3970575942-993616519-1242115057-1001 - Administrator - Enabled) => C:\Users\Dan
DefaultAccount (S-1-5-21-3970575942-993616519-1242115057-503 - Limited - Disabled)
Guest (S-1-5-21-3970575942-993616519-1242115057-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Data Recovery Suite version 3.2.0 (HKLM-x32\...\{02386A56-080B-485c-941D-AF96B29140DD}_is1) (Version: 3.2.0 - SharpNight Co,Ltd)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
calibre (HKLM-x32\...\{3D05DB7D-42E5-4C28-9390-7C8547B6F1BB}) (Version: 2.37.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
InstallShield 2015 Limited Edition (HKLM-x32\...\{DBCC6DE0-0CA8-44DE-826F-E44D3EE97E77}) (Version: 22.00.1 - Flexera Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Policies (HKLM-x32\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{6F7F59D5-12F6-4571-9935-A2921AA17F78}) (Version: 10.0.1601.1 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM-x32\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{751EE164-9F12-4E57-ADB0-02D8F34A10AD}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM-x32\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x86) (HKLM-x32\...\{C89B00A2-B72A-4935-96FC-38796E9554EC}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
Perfect Effects 8 (HKLM-x32\...\Perfect Effects 8 PE) (Version: 8.5.1 - onOne Software)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
TeeweDesktop (HKLM-x32\...\{F06999B0-A6E6-48F6-8D1C-DE3D50262023}) (Version: 1.1.0.0 - Mango Man Consumer Electronics Pvt. Ltd.)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TinyWall (HKLM-x32\...\{284938D1-2280-40F4-81AE-C4815BC09080}) (Version: 2.1.6.0 - Károly Pados)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VMware Workstation (HKLM\...\{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.7.46 - Webroot)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3970575942-993616519-1242115057-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B4A6EF5-C306-416E-9DC9-48787E02F9D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-09] (Microsoft Corporation)
Task: {0CBD8EF2-4CDE-46F7-973B-38538C91D8A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.)
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A355C3A8-66C8-4487-B219-0509717562BC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {B64CFCC7-E072-407F-B6BA-74A105A51A8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.)
Task: {EA3EFC75-2D43-4679-BE6B-334D63B67B9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {FB2BF3E5-F1E6-4A30-B76A-417C9C96738B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 16:30 - 2015-07-10 16:30 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-17 20:01 - 2015-07-15 07:34 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-17 20:02 - 2015-08-11 14:44 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-10-17 20:03 - 2015-09-17 12:18 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-17 20:03 - 2015-09-17 12:18 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-17 20:02 - 2015-09-17 11:18 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-09 07:28 - 2015-11-25 09:50 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-09 07:28 - 2015-11-25 09:47 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-09 07:28 - 2015-11-25 09:47 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-17 20:03 - 2015-09-17 11:13 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () H:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-15 15:29 - 2014-08-15 15:29 - 00204800 _____ () E:\CBAKUP\npp.6.6.8.bin\plugins\ComparePlugin.dll
2014-08-02 23:04 - 2011-07-19 02:37 - 00014336 _____ () E:\CBAKUP\npp.6.6.8.bin\plugins\NppExport.dll
2014-08-02 23:04 - 2014-01-07 05:12 - 01611264 _____ () E:\CBAKUP\npp.6.6.8.bin\plugins\NppFTP.dll
2015-12-13 14:50 - 2015-12-13 14:50 - 01922560 _____ () E:\CBAKUP\npp.6.6.8.bin\plugins\XMLTools.dll
2015-12-13 14:50 - 2015-12-13 14:50 - 00103424 _____ () E:\CBAKUP\npp.6.6.8.bin\zlib1.dll
2015-12-13 14:50 - 2015-12-13 14:50 - 04535910 _____ () E:\CBAKUP\npp.6.6.8.bin\libxml2-2.dll
2015-12-13 14:50 - 2015-12-13 14:50 - 00941389 _____ () E:\CBAKUP\npp.6.6.8.bin\libxslt-1.dll
2016-01-06 22:57 - 2016-01-06 22:57 - 01114648 _____ () C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 16:34 - 2015-07-10 16:32 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3970575942-993616519-1242115057-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{71762a85-12ed-4427-b17a-528cc25fd081}.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "FolderTransfer"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMPNSS-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-Out-TCP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-Out-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2016 08:51:15 AM) (Source: MSSQL$SQLEXPRESS_1) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\modellog.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (01/14/2016 08:51:15 AM) (Source: MSSQL$SQLEXPRESS_1) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\model.mdf for file number 1. OS error: 3(The system cannot find the path specified.).

Error: (01/14/2016 08:51:11 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBLog.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (01/14/2016 08:51:11 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\MSDBData.mdf for file number 1. OS error: 3(The system cannot find the path specified.).

Error: (01/14/2016 08:51:11 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\modellog.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (01/14/2016 08:51:11 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file e:\sql10_main_t\sql\mkmastr\databases\objfre\i386\model.mdf for file number 1. OS error: 3(The system cannot find the path specified.).

Error: (01/14/2016 08:30:17 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$SQLEXPRESS_18

Error: (01/14/2016 08:30:17 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: SQLAgent$SQLEXPRESS8

Error: (01/14/2016 08:30:17 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$SQLEXPRESS_18

Error: (01/14/2016 08:30:17 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$SQLEXPRESS8


System errors:
=============
Error: (01/14/2016 09:02:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/14/2016 08:51:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SQL Server Agent (SQLEXPRESS_1) service depends on the SQL Server (SQLEXPRESS_1) service which failed to start because of the following error:
%%1066

Error: (01/14/2016 08:51:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS_1) service terminated with the following service-specific error:
%%1814

Error: (01/14/2016 08:51:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SQL Server Agent (SQLEXPRESS) service depends on the SQL Server (SQLEXPRESS) service which failed to start because of the following error:
%%1066

Error: (01/14/2016 08:51:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with the following service-specific error:
%%1814

Error: (01/14/2016 08:49:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/14/2016 08:49:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M3F0DT2)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/14/2016 08:49:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/14/2016 08:39:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070497: Get Office.

Error: (01/10/2016 10:48:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session7 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-01-14 08:57:40.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:57:40.109
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:57:39.902
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:57:39.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:40:45.231
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:40:45.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:40:44.748
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:40:44.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:40:44.695
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 08:40:41.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 56%
Total physical RAM: 3932.35 MB
Available physical RAM: 1717.77 MB
Total Virtual: 13660.35 MB
Available Virtual: 11279.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.1 GB) (Free:29.32 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:390.62 GB) (Free:1.61 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:443.23 GB) (Free:147.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 62DA537D)

Partition: GPT.

==================== End of Addition.txt ============================
  #20  
Old January 14th, 2016, 11:31 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Do you not want to remove the software Webroot SecureAnywhere?
  #21  
Old January 15th, 2016, 02:58 AM
danasegarane danasegarane is offline
Member
 
Join Date: Jun 2007
Posts: 63
Quote:
Originally Posted by olgun52
Do you not want to remove the software Webroot SecureAnywhere?
1. I don't have any other antivirus software installed. Can I remove it?
2. How can I remove FolderTransfer.exe?
  #22  
Old January 16th, 2016, 02:13 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
I don't have any other antivirus software installed. Can I remove it?
Windows Defender is an antivirus for Windows 10. So, you do not need another antivirus.

To uninstall Webroot SecureAnywhere:
1. Open your Start menu.
2. Click Programs or All Programs, then navigate to the Webroot SecureAnywhere folder.
3. Under Webroot SecureAnywhere, open the Tools folder, then click Uninstall Webroot.
4. Click Yes and follow any prompts that appear.

Or:
You can use the cleanup utility located here to remove any remnants.

===================================================
Quote:
How can I remove FolderTransfer.exe?
Please do the following:

1. After Folder Transfer is installed, an "Uninstall Folder Transfer" option is available in the Folder Transfer program in Windows' Start Menu.

2. Click "Uninstall Folder Transfer" to completely uninstall Folder Transfer.

3. Then your Folder Transfer software will be removed from your computer.
  #23  
Old January 20th, 2016, 04:29 AM
danasegarane danasegarane is offline
Member
 
Join Date: Jun 2007
Posts: 63
I uninstalled them. Thanks. Now I feel the system is doing good.

Can I install spybot.exe?
  #24  
Old January 20th, 2016, 11:12 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
Originally Posted by danasegarane
I uninstalled them. Thanks. Now I feel the system is doing good.

Can I install spybot.exe?
I would not recommend Spybot! The decision is yours.
=========================================================

Step 1:
FRST Script:
Please download this attached Fixlist.txt (12.9 KB), save it to the Desktop, and name it: fixlist.txt
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Step 2:
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  #25  
Old January 21st, 2016, 03:09 AM
danasegarane danasegarane is offline
Member
 
Join Date: Jun 2007
Posts: 63
Frst.log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Dan (administrator) on DESKTOP-M3F0DT2 (21-01-2016 07:35:05)
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.6020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [653560 2015-01-07] (Károly Pados)
HKLM-x32\...\Run: [BCSSync] => H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [FolderTransfer] => C:\Program Files (x86)\FolderTransfer\FolderTransfer.exe h
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3970575942-993616519-1242115057-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3179ae60-da64-47e9-bfcb-5246491b9c2d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3970575942-993616519-1242115057-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> H:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-28] (Oracle Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Extension: User Agent Switcher - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-11-12]
FF Extension: Save Images - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\LDSI_plashcor@gmail.com.xpi [2015-11-22]
FF Extension: ScrapBook - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2015-12-04]
FF Extension: WOT - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Save Image in Folder - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-17]
FF Extension: FlashGot - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-12-31]
FF Extension: DownThemAll! - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-01-01]
FF Extension: LastPass - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\extensions\support@lastpass.com [2016-01-07]
FF Extension: No Name - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\Extensions\firebug@software.joehewitt.com.xpi [2015-12-19] [not signed]
FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ou9yr0xe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17]

Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
  #26  
Old January 21st, 2016, 03:10 AM
danasegarane danasegarane is offline
Member
 
Join Date: Jun 2007
Posts: 63
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; H:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-08-11] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS_1; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS_1\MSSQL\Binn\sqlservr.exe [40999448 2008-08-11] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS_1; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS_1\MSSQL\Binn\fdlauncher.exe [31256 2008-07-10] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-08-11] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS_1; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS_1\MSSQL\Binn\SQLAGENT.EXE [369688 2008-08-11] (Microsoft Corporation)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [653560 2015-01-07] (Károly Pados)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
R3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ctxusbr; C:\Windows\System32\drivers\ctxusbr.sys [79192 2015-07-01] (Citrix Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-17] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-09] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-11-25] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-01-17] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-21 07:32 - 2016-01-21 07:32 - 00013243 _____ C:\Users\Dan\Desktop\fixlist.txt
2016-01-21 07:30 - 2016-01-21 07:30 - 00016148 _____ C:\Windows\system32\DESKTOP-M3F0DT2_Dan_HistoryPrediction.bin
2016-01-20 17:36 - 2016-01-20 17:38 - 00017032 _____ C:\Users\Dan\Downloads\launch (13).ica
2016-01-20 17:31 - 2016-01-20 17:33 - 00017032 _____ C:\Users\Dan\Downloads\launch (12).ica
2016-01-20 08:15 - 2016-01-20 08:15 - 00017032 _____ C:\Users\Dan\Downloads\launch (11).ica
2016-01-20 08:09 - 2016-01-20 08:09 - 00017032 _____ C:\Users\Dan\Downloads\launch (10).ica
2016-01-20 08:03 - 2016-01-20 08:03 - 00017032 _____ C:\Users\Dan\Downloads\launch (9).ica
2016-01-17 21:44 - 2016-01-17 21:44 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2016-01-16 22:30 - 2016-01-16 22:30 - 00000000 ____D C:\Users\Dan\Desktop\kolam
2016-01-16 11:42 - 2016-01-16 11:42 - 00008952 _____ C:\Users\Dan\Downloads\WorkOrdersReport (1).xlsx
2016-01-16 08:04 - 2016-01-16 08:04 - 00008951 _____ C:\Users\Dan\Downloads\WorkOrdersReport.xlsx
2016-01-15 09:34 - 2016-01-15 09:34 - 00044130 _____ C:\Users\Dan\Downloads\danasekara_1452830687622.pdf
2016-01-15 07:56 - 2016-01-15 07:56 - 00157695 _____ C:\Users\Dan\Downloads\pace-1.0.2.zip
2016-01-15 07:56 - 2016-01-15 07:56 - 00000000 ____D C:\Users\Dan\Downloads\pace-1.0.2
2016-01-14 22:57 - 2016-01-20 20:50 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-01-14 22:47 - 2016-01-14 22:47 - 00008220 _____ C:\Users\Dan\Downloads\EmployeeReport.xlsx
2016-01-14 17:58 - 2016-01-14 17:58 - 00554455 _____ C:\Users\Dan\Downloads\NPS-Branch-List.pdf
2016-01-14 12:09 - 2016-01-14 12:09 - 00016959 _____ C:\Users\Dan\Downloads\launch (8).ica
2016-01-14 11:24 - 2016-01-16 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-14 08:34 - 2016-01-14 08:34 - 00016958 _____ C:\Users\Dan\Downloads\launch (7).ica
2016-01-10 08:09 - 2016-01-10 08:09 - 00000000 ____D C:\Users\Dan\.vs
2016-01-09 16:55 - 2016-01-09 16:55 - 00301607 _____ C:\Users\Dan\Downloads\540f8834fd6cab7cd31d60673d89fbb5.ico.zip
2016-01-09 10:36 - 2016-01-09 10:38 - 00018058 _____ C:\Users\Dan\Desktop\scan_160109-083522.txt
2016-01-09 10:34 - 2016-01-09 11:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 10:31 - 2016-01-09 10:31 - 00000000 ____D C:\Users\Dan\AppData\Local\PeerDistRepub
2016-01-09 08:32 - 2016-01-09 08:32 - 00000755 _____ C:\Users\Dan\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-09 08:31 - 2016-01-09 08:32 - 00000000 ____D C:\EEK
2016-01-09 08:10 - 2016-01-09 08:10 - 00008291 _____ C:\Users\Dan\Desktop\zoek-results.txt
2016-01-09 07:56 - 2016-01-09 06:39 - 173451024 _____ C:\Users\Dan\Downloads\EmsisoftEmergencyKit.exe
2016-01-09 07:47 - 2016-01-09 08:01 - 00000000 ____D C:\zoek_backup
2016-01-09 07:45 - 2016-01-09 07:45 - 00000188 _____ C:\Users\Dan\Downloads\Fixlist(1).txt
2016-01-09 07:44 - 2016-01-09 07:47 - 01309184 _____ C:\Users\Dan\Downloads\zoek.exe
2016-01-09 07:33 - 2016-01-09 07:40 - 00007268 _____ C:\Users\Dan\Desktop\Fixlog.txt
2016-01-09 07:28 - 2016-01-09 07:28 - 00003123 _____ C:\Users\Dan\Downloads\Fixlist.txt
2016-01-09 07:28 - 2015-12-01 12:31 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-01-09 07:28 - 2015-12-01 11:21 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-01-09 07:28 - 2015-12-01 10:29 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-01-09 07:28 - 2015-11-25 11:12 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-01-09 07:28 - 2015-11-25 11:12 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-01-09 07:28 - 2015-11-25 11:11 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-09 07:28 - 2015-11-25 11:03 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-09 07:28 - 2015-11-25 10:57 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-09 07:28 - 2015-11-25 10:42 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-01-09 07:28 - 2015-11-25 10:41 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-09 07:28 - 2015-11-25 10:39 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-01-09 07:28 - 2015-11-25 10:31 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:19 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:18 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2016-01-09 07:28 - 2015-11-25 10:14 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-01-09 07:28 - 2015-11-25 10:12 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-09 07:28 - 2015-11-25 10:07 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-01-09 07:28 - 2015-11-25 10:06 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-01-09 07:28 - 2015-11-25 10:05 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-01-09 07:28 - 2015-11-25 10:05 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2016-01-09 07:28 - 2015-11-25 10:04 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-09 07:28 - 2015-11-25 10:01 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2016-01-09 07:28 - 2015-11-25 10:00 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2016-01-09 07:28 - 2015-11-25 10:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-09 07:28 - 2015-11-25 10:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2016-01-09 07:28 - 2015-11-25 09:59 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-09 07:28 - 2015-11-25 09:59 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2016-01-09 07:28 - 2015-11-25 09:58 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-09 07:28 - 2015-11-25 09:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-09 07:28 - 2015-11-25 09:57 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-01-09 07:28 - 2015-11-25 09:56 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-01-09 07:28 - 2015-11-25 09:55 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-01-09 07:28 - 2015-11-25 09:53 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-09 07:28 - 2015-11-25 09:53 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-01-09 07:28 - 2015-11-25 09:53 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-09 07:28 - 2015-11-25 09:52 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-01-09 07:28 - 2015-11-25 09:52 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-01-09 07:28 - 2015-11-25 09:52 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2016-01-09 07:28 - 2015-11-25 09:49 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-01-09 07:28 - 2015-11-25 09:48 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-01-09 07:28 - 2015-11-25 09:47 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-01-09 07:28 - 2015-11-25 09:46 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-01-09 07:28 - 2015-11-25 09:46 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2016-01-09 07:28 - 2015-11-25 09:43 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-01-09 07:28 - 2015-11-25 09:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-09 07:28 - 2015-11-25 09:40 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-01-09 07:28 - 2015-11-25 09:38 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2016-01-09 07:28 - 2015-11-25 09:35 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-09 07:28 - 2015-11-25 09:34 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-01-09 07:28 - 2015-11-25 09:34 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2016-01-09 07:28 - 2015-11-25 09:34 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-09 07:28 - 2015-11-25 08:22 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2016-01-09 07:28 - 2015-11-25 08:22 - 00775312 _____ C:\Windows\system32\locale.nls
2016-01-09 07:27 - 2015-12-01 11:33 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2016-01-09 07:27 - 2015-12-01 11:24 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-01-09 07:27 - 2015-12-01 11:19 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-09 07:27 - 2015-12-01 10:32 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-09 07:27 - 2015-11-25 11:10 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-01-09 07:27 - 2015-11-25 11:02 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2016-01-09 07:27 - 2015-11-25 10:29 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2016-01-09 07:27 - 2015-11-25 10:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2016-01-09 07:27 - 2015-11-25 09:56 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2016-01-09 07:27 - 2015-11-25 09:55 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-01-09 07:27 - 2015-11-25 09:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-01-09 07:27 - 2015-11-25 09:49 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-01-09 07:27 - 2015-11-25 09:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-01-09 07:27 - 2015-11-25 09:34 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-01-09 00:21 - 2016-01-09 00:21 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-01-09 00:19 - 2016-01-09 00:19 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-01-09 00:14 - 2016-01-09 00:14 - 00000000 ____D C:\Program Files\IIS Express
2016-01-09 00:14 - 2016-01-09 00:14 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-01-09 00:14 - 2016-01-09 00:14 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-01-09 00:13 - 2016-01-09 00:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\ProgramData\NuGet
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\Program Files\IIS
2016-01-09 00:12 - 2016-01-09 00:12 - 00000000 ____D C:\Program Files (x86)\IIS
2016-01-09 00:11 - 2016-01-09 00:11 - 00001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-01-09 00:11 - 2016-01-09 00:11 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-01-09 00:11 - 2016-01-09 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-01-09 00:09 - 2016-01-09 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-01-09 00:07 - 2016-01-09 00:07 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-01-09 00:04 - 2016-01-09 00:04 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-01-09 00:04 - 2016-01-09 00:04 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-01-08 22:51 - 2016-01-08 22:51 - 00001046 _____ C:\Users\Dan\Desktop\MBM.txt
2016-01-08 22:38 - 2016-01-09 07:38 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-08 22:38 - 2016-01-08 22:54 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-08 22:35 - 2016-01-04 14:27 - 20835400 _____ C:\Users\Dan\Downloads\RogueKiller.exe
2016-01-08 22:34 - 2015-10-09 04:08 - 22908888 _____ (Malwarebytes ) C:\Users\Dan\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-07 08:57 - 2016-01-07 08:57 - 00002159 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2016-01-07 08:57 - 2016-01-07 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-01-07 08:57 - 2016-01-07 08:57 - 00000000 ____D C:\Program Files (x86)\SDA
2016-01-07 08:56 - 2016-01-07 08:56 - 06286748 _____ C:\Users\Dan\Downloads\SDFormatterv4.zip
2016-01-07 08:56 - 2016-01-07 08:56 - 00000000 ____D C:\Users\Dan\Downloads\SDFormatterv4
2016-01-07 08:02 - 2016-01-07 08:02 - 00002884 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-07 08:02 - 2016-01-07 08:02 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-07 08:02 - 2016-01-07 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-06 22:42 - 2016-01-14 11:10 - 00038372 _____ C:\Users\Dan\Desktop\Addition.txt
2016-01-06 22:41 - 2016-01-21 07:35 - 00027618 _____ C:\Users\Dan\Desktop\FRST.txt
2016-01-06 22:40 - 2016-01-21 07:35 - 00000000 ____D C:\FRST
2016-01-06 22:39 - 2016-01-07 08:00 - 00000000 ____D C:\Users\Dan\Desktop\Ccleaner Professional v5.12.5431 FINAL + Serials [TechTools.net]
2016-01-06 22:39 - 2015-12-29 22:44 - 22474820 ____N C:\Users\Dan\Desktop\Revo Uninstaller Pro 3.1.4.rar
2016-01-06 22:38 - 2016-01-04 21:07 - 02370560 ____N (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2016-01-06 22:38 - 2016-01-01 21:28 - 46525608 ____N (Safer-Networking Ltd. ) C:\Users\Dan\Desktop\spybot-2.4.exe
2016-01-01 10:39 - 2016-01-01 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2016-01-01 10:38 - 2016-01-01 10:38 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-01-01 10:37 - 2016-01-09 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-01-01 10:36 - 2016-01-09 11:41 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-01-01 10:36 - 2016-01-09 11:40 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-01-01 10:28 - 2016-01-01 10:28 - 00000000 ____D C:\Windows\symbols
2016-01-01 10:23 - 2016-01-01 10:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dan\Downloads\HijackThis.exe
2016-01-01 08:55 - 2016-01-01 08:55 - 00000000 ____D C:\Users\Dan\AppData\Local\VSIXInstaller
2016-01-01 07:40 - 2016-01-08 22:26 - 00004280 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-01 07:39 - 2016-01-08 22:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-01 07:25 - 2015-12-01 20:13 - 161199376 _____ (AVAST Software) C:\Users\Dan\Downloads\avast_free_antivirus_setup.exe
2015-12-31 21:52 - 2015-12-31 21:52 - 00000000 ____D C:\ProgramData\VsTelemetry
2015-12-31 16:57 - 2015-12-31 16:57 - 00000000 ____D C:\Users\Dan\Downloads\DataTables-1.10.10
2015-12-31 16:56 - 2015-12-31 16:56 - 02032600 _____ C:\Users\Dan\Downloads\DataTables-1.10.10.zip
2015-12-31 15:06 - 2015-12-31 15:16 - 00000218 _____ C:\Users\Dan\Documents\36236.txt
2015-12-31 13:03 - 2015-12-31 13:03 - 00017032 _____ C:\Users\Dan\Downloads\launch (6).ica
2015-12-31 12:01 - 2015-12-31 12:01 - 00017032 _____ C:\Users\Dan\Downloads\launch (5).ica
2015-12-31 11:26 - 2015-12-31 11:26 - 00017032 _____ C:\Users\Dan\Downloads\launch (4).ica
2015-12-28 22:07 - 2015-11-23 22:49 - 20372802 _____ C:\Users\Dan\Desktop\w.apk
2015-12-25 19:43 - 2016-01-17 21:54 - 00000000 ____D C:\Users\Dan\Documents\Visual Studio 2015
2015-12-25 19:11 - 2015-12-25 19:11 - 00000000 ____D C:\ProgramData\Microsoft DNX
2015-12-25 18:47 - 2016-01-09 00:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-21 07:30 - 2015-10-18 08:40 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\LastPass
2016-01-21 07:24 - 2015-07-10 16:34 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-21 07:23 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\AppReadiness
2016-01-21 07:21 - 2015-11-22 11:14 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-21 07:20 - 2015-11-01 09:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-21 07:20 - 2015-10-17 22:31 - 00000000 __SHD C:\Users\Dan\IntelGraphicsProfiles
2016-01-20 21:00 - 2015-11-22 11:14 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-20 20:50 - 2015-07-10 16:32 - 00000000 ____D C:\Windows\INF
2016-01-20 20:50 - 2015-07-10 14:35 - 00000000 ____D C:\Windows
2016-01-20 18:21 - 2015-10-18 17:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2016-01-20 14:15 - 2015-11-22 07:19 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{54FC93EC-6F00-4043-82BC-C9113A2F67CF}
2016-01-17 22:16 - 2015-10-17 15:14 - 01158450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-16 22:46 - 2015-12-02 13:42 - 00000000 ____D C:\Users\Dan\Desktop\Photos
2016-01-16 15:45 - 2015-12-13 08:54 - 00000000 ____D C:\ProgramData\VMware
2016-01-16 15:45 - 2015-10-18 07:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-16 15:45 - 2015-07-10 17:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-16 07:41 - 2015-07-10 16:25 - 00000000 ____D C:\Windows\CbsTemp
2016-01-15 21:04 - 2015-11-22 11:14 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-15 16:32 - 2015-10-25 14:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-15 13:55 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\rescache
2016-01-14 08:49 - 2015-07-10 14:35 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-10 08:09 - 2015-10-18 03:39 - 00000000 ____D C:\Users\Dan
2016-01-09 15:45 - 2015-11-15 10:23 - 00000000 ____D C:\Users\Dan\AppData\LocalLow\Temp
2016-01-09 11:49 - 2015-10-18 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-01-09 11:49 - 2015-07-10 16:34 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-09 11:45 - 2015-10-18 18:37 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-01-09 11:45 - 2015-10-18 18:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-09 11:45 - 2015-10-18 18:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-01-09 11:39 - 2015-10-18 18:43 - 00000000 ____D C:\Program Files\MSBuild
2016-01-09 11:03 - 2015-07-10 17:50 - 00284632 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-09 11:01 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\system32\oobe
2016-01-09 11:00 - 2015-10-24 08:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-09 10:57 - 2015-10-17 20:05 - 00000000 ____D C:\Windows\system32\MRT
2016-01-09 10:51 - 2015-10-17 20:05 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-09 10:43 - 2015-10-18 04:33 - 00000000 ____D C:\Windows\Panther
2016-01-09 10:42 - 2015-07-10 16:34 - 00000167 _____ C:\Windows\win.ini
2016-01-09 10:39 - 2015-12-01 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-01-09 00:21 - 2015-10-18 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-01-09 00:09 - 2015-10-18 18:41 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-01-09 00:08 - 2015-10-18 18:34 - 00000000 ____D C:\Windows\system32\1033
2016-01-08 22:28 - 2015-12-01 06:42 - 00000000 ____D C:\ProgramData\TEMP
2016-01-07 08:56 - 2015-11-13 22:47 - 00000000 ____D C:\Users\Dan\AppData\Local\Downloaded Installations
2016-01-07 08:03 - 2015-10-24 07:59 - 00000000 ____D C:\Program Files\CCleaner
2016-01-03 07:10 - 2015-07-10 16:36 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 07:10 - 2015-07-10 16:36 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 21:52 - 2015-10-18 18:47 - 00000000 ____D C:\Users\Dan\Documents\Visual Studio 2012
2016-01-01 10:31 - 2015-07-10 16:34 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-01 10:24 - 2015-10-18 03:40 - 00000000 ____D C:\Users\Dan\AppData\Local\VirtualStore
2016-01-01 09:22 - 2015-10-24 22:35 - 00000000 ____D C:\ProgramData\Nero
2016-01-01 09:14 - 2015-11-10 14:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-12-25 19:17 - 2015-10-18 18:37 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-12-25 18:58 - 2015-10-18 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-12-25 18:51 - 2015-10-18 18:37 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-12-25 07:39 - 2015-07-10 16:34 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-25 07:38 - 2015-10-22 09:30 - 00000000 ____D C:\ProgramData\BlueStacks

==================== Files in the root of some directories =======

2015-09-09 01:32 - 2015-09-09 01:32 - 0010293 _____ () C:\ProgramData\regid.2009-06.com.flexerasoftware_C684BD0A-6B53-4E5E-844A-A537255932EE.swidtag

Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\fwfo.dll
C:\Users\Dan\AppData\Local\Temp\WRFirewallInstall.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-14 12:18

==================== End of FRST.txt ============================
  #27  
Old January 21st, 2016, 06:43 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
This is a normal scan report. Please read the manual well. Is there a point where you do not understand?