Can't get rid of Trojan Poweliks.Gen.2

  • clarkgriswold
    PCHF Member
    • Feb 2017
    • 39

    #1

    Can't get rid of Trojan Poweliks.Gen.2

    I can’t get rid of this nasty bugger. Picked up by Bitdefender, often says deleted, cleaned but it always comes back.

    Any help would be huge-thanks!


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
    Ran by Glen (administrator) on DESKTOP (20-02-2017 00:18:34)
    Running from C:\Users\Glen\Desktop
    Loaded Profiles: Glen (Available Profiles: Glen & UpdatusUser & Administrator)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Akamai Technologies, Inc.) C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    () C:\Program Files\USB Sharing\usbshare.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Akamai Technologies, Inc.) C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
    HKLM...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
    HKLM...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
    HKLM...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
    HKLM...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
    HKLM...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
    HKLM...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
    HKLM...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
    HKLM...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1045720 2015-09-14] (Adobe Systems Incorporated)
    HKLM...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKLM...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1865664 2015-06-12] (Bitdefender)
    HKLM...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [Akamai NetSession Interface] => C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) <===== ATTENTION
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [687864 2017-01-31] (Bitdefender)
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [sneu<>] => “C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98” <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\MountPoints2: F - F:\AutoRun\AutoRun.exe
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\MountPoints2: {60deb600-6e3c-11e3-913b-001aa08d1be6} - O:\InnoTabSetup.exe
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\MountPoints2: {ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} - L:\ImageViewer4.exe -COPYFILE
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Control Panel\Desktop\SCRNSAVE.EXE → C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [__SafeBox1] → {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => → No File
    ShellIconOverlayIdentifiers: [__SafeBox2] → {342DAA0B-D796-460D-8566-901E08A1CCAD} => → No File
    ShellIconOverlayIdentifiers: [__SafeBox3] → {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => → No File
    ShellIconOverlayIdentifiers: [__SafeBox4] → {33816773-98AE-4723-ADE0-EBE54C8B5A67} => → No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2008-09-04]
    ShortcutTarget: APC UPS Status.lnk → C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk [2008-07-18]
    ShortcutTarget: DataViz Inc Messenger.lnk → C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2008-07-18]
    ShortcutTarget: HotSync Manager.lnk → C:\Program Files\palmOne\Hotsync.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.3.lnk [2011-05-29]
    ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.3.lnk → C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe (PIXELA CORPORATION)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USB Sharing.lnk [2008-09-05]
    ShortcutTarget: USB Sharing.lnk → C:\Program Files\USB Sharing\usbshare.exe ()
    BootExecute:

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip..\Interfaces{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
    URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
    URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No File
    URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
    SearchScopes: HKLM → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
    SearchScopes: HKLM → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
    SearchScopes: HKLM → {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418
    SearchScopes: HKU.DEFAULT → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → {4DFE95E1-324C-4BF8-BDE1-266927F9598A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
    SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.smilebox.com/?search={searchTerms}&loc=SB_IE_DS&a=6R8FRqYkDD
    BHO: Bitdefender Wallet → {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} → C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
    BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
    Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
    FireFox:
    FF DefaultProfile: pooixovy.default-1413691062373
    FF ProfilePath: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 [2017-02-20]
    FF NewTab: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → about:newtab
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → Yahoo! (Avast)
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → DuckDuckGo
    FF DefaultSearchUrl: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → hxxps://search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → Yahoo! (Avast)
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → Yahoo! (Avast)
    FF Homepage: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → hxxps://duckduckgo.com/
    FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\duckduckgo.xml [2014-10-18]
    FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\yahoo-avast.xml [2017-01-22]
    FF HKLM...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
    FF HKLM...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2017-01-31]
    FF HKLM...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-06-22] [not signed]
    FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 → C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
    FF Plugin: @checkpoint.com/FFApi → C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin: @java.com/DTPlugin,version=11.121.2 → C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.121.2 → C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision → C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming → C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin: Adobe Reader → C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
    Chrome:
    CHR HKLM...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]
    CHR HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
    S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-12-03] (Symantec Corporation)
    S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
    R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
    S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-22] (NOS Microsystems Ltd.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
    S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-12-03] (Symantec Corporation)
    S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [517768 2007-03-12] (Symantec Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1335176 2017-01-31] (Bitdefender)
    R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-07-12] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S2 CLTNetCnService; “C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon
    S2 LiveUpdate Notice Ex; “C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon
    S4 stllssvr; “C:\Program Files\Common Files\SureThing Shared\stllssvr.exe”
    S2 ZAPrivacyService; “C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe”

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1258376 2017-01-26] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [252184 2015-05-29] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [696632 2017-01-26] (BitDefender)
    R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
    R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
    S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
    R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
    R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
    R1 CLBStor; C:\Windows\system32\Drivers\CLBStor.sys [16048 2007-06-04] (Cyberlink Co.,Ltd.)
    R2 CLBUDF; C:\Windows\system32\Drivers\CLBUDF.sys [162096 2007-06-04] (CyberLink Corporation.)
    S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)
    R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [12800 2007-09-20] (EldoS Corporation) [File not signed]
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog) [File not signed]
    S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) [File not signed]
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [173832 2015-04-29] (BitDefender LLC)
    S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys
    S3 IpInIp; system32\DRIVERS\ipinip.sys
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-10-08] (Kaspersky Lab ZAO)
    S0 Lbd; system32\DRIVERS\Lbd.sys
    S3 MBAMSwissArmy; ??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys
    S3 vsdatant7; System32\drivers\vsdatant.win7.sys
    S3 XE102Mp5; System32\Drivers\XE102Mp5.sys
    S3 XE102Sp5; System32\Drivers\XE102Sp5.sys

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-20 00:18 - 2017-02-20 00:20 - 00021763 _____ C:\Users\Glen\Desktop\FRST.txt
    2017-02-20 00:16 - 2017-02-20 00:18 - 00000000 ____D C:\FRST
    2017-02-20 00:15 - 2017-02-20 00:15 - 01764864 _____ (Farbar) C:\Users\Glen\Desktop\FRST.exe
    2017-02-20 00:01 - 2017-02-20 00:01 - 00000000 ____H C:\ProgramData\cm-lock
    2017-02-19 23:54 - 2017-02-19 23:57 - 00002178 _____ C:\Users\Glen\Desktop\Rkill.txt
    2017-02-19 21:44 - 2017-02-19 21:44 - 00001994 _____ C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Upgrade Advisor.lnk
    2017-02-19 11:54 - 2017-02-19 14:13 - 00000000 ____D C:\Users\Glen\Desktop\Old Files
    2017-02-18 21:20 - 2017-02-18 21:20 - 00422664 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2017-02-03 00:19 - 2017-02-03 00:19 - 00000000 ____D C:\239deb8e4b0bd0ad0d434b4b
    2017-02-03 00:17 - 2017-02-03 00:17 - 00000000 ____D C:\975cafc51b3f32eaa4bd77e09f6d1040
    2017-02-02 15:51 - 2017-02-02 15:53 - 00000000 ____D C:\Users\Glen\AppData\Local\Roblox
    2017-02-01 17:18 - 2017-02-01 17:18 - 00000000 ____D C:\ProgramData\Roblox
    2017-02-01 17:17 - 2017-02-02 16:00 - 00000163 _____ C:\Users\Glen\AppData\LocalLow\rbxcsettings.rbx
    2017-02-01 17:17 - 2017-02-01 17:17 - 00000000 ____D C:\Program Files\Roblox
    2017-01-27 10:20 - 2017-01-27 10:21 - 00000000 ____D C:\Users\Glen\AppData\Local\AvgSetupLog
    2017-01-26 11:30 - 2017-01-26 11:30 - 00000385 _____ C:\Windows\system32\user_gensett.xml
    2017-01-26 09:22 - 2017-01-26 09:22 - 00935286 _____ C:\ProgramData\1485439235.bdinstall.bin
    2017-01-26 09:19 - 2017-01-26 09:19 - 00000308 ____H C:\bdr-cf01
    2017-01-26 09:18 - 2017-01-26 09:18 - 00001959 _____ C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
    2017-01-26 09:18 - 2017-01-26 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
    2017-01-26 09:17 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
    2017-01-26 09:17 - 2015-01-09 11:44 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
    2017-01-26 09:17 - 2015-01-09 11:44 - 00026624 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
    2017-01-26 09:17 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
    2017-01-26 09:17 - 2012-04-17 14:40 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
    2017-01-26 09:16 - 2017-01-26 09:47 - 01258376 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2017-01-26 09:16 - 2017-01-26 09:47 - 00696632 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2017-01-26 09:16 - 2015-05-29 09:50 - 00252184 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
    2017-01-26 09:06 - 2017-01-26 09:23 - 00000000 ____D C:\Users\Glen\AppData\Roaming\Bitdefender
    2017-01-26 09:06 - 2017-01-26 09:19 - 00253404 ____H C:\bdr-ld01
    2017-01-26 09:06 - 2017-01-26 09:19 - 00009216 ____H C:\bdr-ld01.mbr
    2017-01-26 09:06 - 2015-05-19 15:52 - 39533906 ____H C:\bdr-im01.gz
    2017-01-26 09:06 - 2012-08-15 15:28 - 02294848 ____H C:\bdr-bz01
    2017-01-26 09:00 - 2017-01-26 09:21 - 00000000 ____D C:\ProgramData\Bitdefender
    2017-01-26 09:00 - 2017-01-26 09:06 - 00000000 ____D C:\Program Files\Bitdefender
    2017-01-26 09:00 - 2017-01-26 09:00 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2017-01-26 09:00 - 2015-04-29 13:31 - 00173832 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2017-01-26 08:56 - 2017-01-26 08:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2017-01-26 08:53 - 2017-01-26 08:53 - 00084944 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-01-26 08:53 - 2017-01-26 08:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\AvgSetupLog
    2017-01-26 08:52 - 2017-01-26 08:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000951 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000946 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Epson
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Wondershare
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg
    2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
    2017-01-26 08:50 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator
    2017-01-26 08:50 - 2017-01-26 08:50 - 00000917 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2017-01-26 08:50 - 2017-01-26 08:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\My Documents
    2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
    2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
    2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
    2017-01-26 08:50 - 2010-03-27 09:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
    2017-01-26 08:50 - 2006-11-02 07:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
    2017-01-25 23:16 - 2017-01-25 23:16 - 00000000 ____D C:\74b5dafec5ddf39806d5d11a11
    2017-01-25 23:03 - 2017-01-25 23:03 - 00000000 ____D C:\a51f592706bbcae6374e3a720ddf
    2017-01-25 22:35 - 2017-01-25 22:35 - 00000000 ____D C:\2e35ff875d9f9e874ec13ed34c92e8
    2017-01-21 23:53 - 2017-01-21 23:53 - 00000000 ____D C:\Users\Glen\AppData\Local\CEF
    2017-01-21 23:51 - 2017-01-27 10:39 - 00000000 ____D C:\ProgramData\Avg
    2017-01-21 23:51 - 2017-01-21 23:51 - 00000000 ____D C:\Users\Glen\AppData\Local\Avg
    2017-01-21 23:44 - 2017-01-21 23:44 - 00000000 ____D C:\Users\Glen\AppData\Roaming\Yahoo
    2017-01-21 23:44 - 2017-01-21 23:44 - 00000000 ____D C:\Users\Glen\AppData\Local\YSearchUtil
    2017-01-21 23:44 - 2017-01-21 23:44 - 00000000 ____D C:\Program Files\Yahoo!

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-20 00:19 - 2016-11-16 17:24 - 00000000 ____D C:\Users\Glen\AppData\LocalLow\Mozilla
    2017-02-20 00:07 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
    2017-02-20 00:07 - 2006-11-02 05:33 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-20 00:02 - 2016-02-13 13:02 - 00000917 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
    2017-02-20 00:02 - 2016-02-13 13:02 - 00000731 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
    2017-02-20 00:01 - 2008-02-16 11:09 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-20 00:01 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-20 00:01 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-20 00:01 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-20 00:00 - 2015-03-28 14:50 - 00451022 _____ C:\bdlog.txt
    2017-02-20 00:00 - 2006-11-02 08:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-02-19 23:57 - 2012-04-08 01:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-02-19 22:28 - 2016-12-28 10:30 - 00000000 ____D C:\Users\Glen\AppData\Local\CrashDumps
    2017-02-19 12:44 - 2006-11-02 07:47 - 00337320 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-19 12:41 - 2010-05-18 22:51 - 00001356 _____ C:\Users\Glen\AppData\Local\d3d9caps.dat
    2017-02-19 12:40 - 2007-08-13 19:41 - 00552296 _____ C:\Windows\ntbtlog.txt
    2017-02-18 20:31 - 2007-12-10 09:05 - 00000000 ____D C:\ProgramData\Lavasoft
    2017-02-14 20:57 - 2012-04-08 01:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2017-02-14 20:57 - 2011-05-19 02:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2017-02-14 20:57 - 2007-08-09 16:03 - 00000000 ____D C:\Windows\system32\Macromed
    2017-01-28 12:42 - 2016-11-16 10:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-01-27 18:23 - 2014-06-28 10:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2017-01-26 09:19 - 2007-08-11 12:05 - 00000000 ____D C:\Users\Glen
    2017-01-26 08:58 - 2007-08-11 12:06 - 00000946 _____ C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-01-25 22:13 - 2007-10-09 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fellowes NEATO MediaFACE II
    2017-01-24 09:02 - 2011-11-03 21:24 - 00000000 ____D C:\Users\Glen\AppData\Local\Akamai
    2017-01-22 13:21 - 2014-06-28 10:20 - 00000836 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-01-22 12:09 - 2008-09-20 22:24 - 00000000 ____D C:\Program Files\lg_fwupdate
    2017-01-22 12:08 - 2008-09-20 22:25 - 00000289 _____ C:\Windows\lgfwup.ini
    2017-01-21 23:43 - 2015-03-28 15:41 - 00000000 ____D C:\ProgramData\Oracle
    2017-01-21 23:42 - 2015-03-28 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-01-21 23:42 - 2007-08-09 16:03 - 00000000 ____D C:\Program Files\Java
    2017-01-21 23:42 - 2007-08-09 16:03 - 00000000 ____D C:\Program Files\Common Files\Java
    2017-01-21 23:40 - 2015-03-28 15:42 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

    ==================== Files in the root of some directories =======

    2015-07-16 09:17 - 2015-07-16 09:17 - 0001110 _____ () C:\Users\Glen\AppData\Roaming\ConvAPIPlugin.log
    2009-02-21 21:23 - 2010-02-07 23:23 - 0000164 _____ () C:\Users\Glen\AppData\Roaming\default.rss
    2010-10-03 00:30 - 2010-10-20 10:20 - 0087608 _____ () C:\Users\Glen\AppData\Roaming\inst.exe
    2010-10-03 00:30 - 2010-10-20 10:20 - 0007887 _____ () C:\Users\Glen\AppData\Roaming\pcouffin.cat
    2010-10-03 00:30 - 2010-10-20 10:20 - 0001144 _____ () C:\Users\Glen\AppData\Roaming\pcouffin.inf
    2010-10-03 00:32 - 2010-10-20 10:20 - 0000033 _____ () C:\Users\Glen\AppData\Roaming\pcouffin.log
    2010-10-03 00:30 - 2010-10-20 10:20 - 0047360 _____ (VSO Software) C:\Users\Glen\AppData\Roaming\pcouffin.sys
    2008-02-06 17:21 - 2016-12-18 22:49 - 0000278 _____ () C:\Users\Glen\AppData\Roaming\wklnhst.dat
    2013-12-26 10:06 - 2013-12-26 13:26 - 0000941 _____ () C:\Users\Glen\AppData\Local\cookies.ini
    2010-05-18 22:51 - 2017-02-19 12:41 - 0001356 _____ () C:\Users\Glen\AppData\Local\d3d9caps.dat
    2007-08-11 12:41 - 2014-08-12 12:40 - 0115200 _____ () C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-07-15 17:18 - 2009-07-15 17:18 - 0004096 _____ () C:\Users\Glen\AppData\Local\keyfile3.drm
    2010-10-03 20:58 - 2010-10-03 21:18 - 0000040 ___SH () C:\ProgramData.zreglib
    2017-01-26 09:22 - 2017-01-26 09:22 - 0935286 _____ () C:\ProgramData\1485439235.bdinstall.bin
    2017-02-20 00:01 - 2017-02-20 00:01 - 0000000 ____H () C:\ProgramData\cm-lock
    2010-03-04 21:10 - 2016-02-12 18:31 - 0023445 _____ () C:\ProgramData\hpzinstall.log
    2007-08-12 19:52 - 2016-12-26 11:01 - 0009134 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
    Files to move or delete:
    C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
    Some files in TEMP:
    2017-01-21 23:38 - 2017-01-21 23:38 - 0739904 _____ (Oracle Corporation) C:\Users\Glen\AppData\Local\Temp\jre-8u121-windows-au.exe
    2017-01-27 08:47 - 2017-01-27 08:47 - 0111936 _____ (Microsoft Corporation) C:\Users\Glen\AppData\Local\Temp\MsiZap.exe
    2017-01-02 10:58 - 2010-05-04 12:46 - 0353112 _____ (Microsoft Corporation) C:\Users\Glen\AppData\Local\Temp\MSNF42D.exe
    2016-12-26 19:56 - 2016-12-26 19:56 - 0075264 _____ () C:\Users\Glen\AppData\Local\Temp\upd.exE

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-20 00:10

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
    Ran by Glen (20-02-2017 00:20:55)
    Running from C:\Users\Glen\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-08-09 20:55:55)
    Boot Mode: Normal
    ==================== Accounts: =============================

    Administrator (S-1-5-21-3490785829-169181324-3712256341-500 - Administrator - Disabled) => C:\Users\Administrator
    Glen (S-1-5-21-3490785829-169181324-3712256341-1000 - Administrator - Enabled) => C:\Users\Glen
    Guest (S-1-5-21-3490785829-169181324-3712256341-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-3490785829-169181324-3712256341-1003 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Download Manager (HKLM...{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
    Adobe Flash Player 24 ActiveX (HKLM...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) (HKLM...{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (32-bit) (HKLM...{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM...{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM...{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    AviSynth 2.5 (HKLM...\AviSynth) (Version: - )
    BD/HD Advisor 1.0 (HKLM...{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )
    Bitdefender Total Security 2015 (HKLM...\Bitdefender) (Version: 18.23.0.1604 - Bitdefender)
    Bonjour (HKLM...{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
    Canon RAW Image Task for ZoomBrowser EX (HKLM...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
    Canon Utilities CameraWindow (HKLM...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
    Canon Utilities MyCamera (HKLM...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
    Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
    Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink InstantBurn (HKLM...{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: - )
    Dell DataSafe (HKLM...{DF68383B-A940-4ABD-87FF-1D969F2B938B}) (Version: 2.00.0000 - Dell Inc.)
    Dell System Customization Wizard (HKLM...{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
    Document Capture Pro (HKLM...{C75B4983-D3A7-4D0A-8B1A-7BC4F2044F37}) (Version: 1.06.0012 - Seiko Epson Corporation)
    Documents To Go Desktop for iOS (HKLM...\DTGDesktop) (Version: 5.0000.013 - DataViz, Inc.)
    DVD Shrink 3.2 (HKLM...\DVD Shrink_is1) (Version: - DVD Shrink)
    Epson Event Manager (HKLM...{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM...{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM...{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON Scan PDF Extensions (HKLM...{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
    EPSON WF-4630 Series Printer Uninstall (HKLM...\EPSON WF-4630 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-4630 User’s Guide version 1.0 (HKLM...\UsersGuideEpson WF-4630 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM...{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    Hi-Def Suite (HKLM...{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1603 - CyberLink Corporation)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    ImageMixer 3 SE Ver.3 (HKLM...{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}) (Version: 3.01.020 - PIXELA)
    ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
    Intel(R) Matrix Storage Manager (HKLM...{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) PRO Network Connections 12.1.11.0 (HKLM...\PROSetDX) (Version: - Intel)
    iTunes (HKLM...{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
    Java 8 Update 121 (HKLM...{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Java 8 Update 45 (HKLM...{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java™ SE Runtime Environment 6 (HKLM...{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    LG ODD Auto Firmware Update (HKLM...{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 5.01.0226.01 - )
    LightScribe System Software (HKLM...{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
    LiveUpdate 3.2 (Symantec Corporation) (HKLM...\LiveUpdate) (Version: 3.2.0.26 - Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation) (HKLM...{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.2.0 - Symantec Corporation)
    MediaFACE II (HKLM...{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}) (Version: - )
    Microsoft .NET Framework 4.5.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM...{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM...{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM...{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM...{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Windows Vista Upgrade Advisor (HKLM...{E0EB8881-0CFE-4375-8782-8807D258CD7C}) (Version: 1.0.1 - Microsoft)
    Microsoft Works (HKLM...{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MobileMe Control Panel (HKLM...{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    MSVCSetup (Version: 1.00.0000 - HP) Hidden
    MSXML 4.0 SP2 (KB927978) (HKLM...{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM...{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM...{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 296.10 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 311.06 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Display Control Panel (HKLM...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
    NVIDIA Graphics Driver 311.06 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0213 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
    NVIDIA Update 1.11.3 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Product Documentation Launcher (HKLM...{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Recover My Files (HKLM...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)
    Software Updater (HKLM...{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Spelling Dictionaries Support For Adobe Reader 8 (HKLM...{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
    System Requirements Lab (HKLM...\SystemRequirementsLab) (Version: - )
    USB Sharing (HKLM...{25BDEE44-A62C-4DCE-9635-2D1646E2B663}) (Version: - )
    User’s Guides (HKLM...{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM...{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (HKLM...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
    Windows Live ID Sign-in Assistant (HKLM...{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinRAR archiver (HKLM...\WinRAR archiver) (Version: - )
    Yahoo Search Set (HKLM...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
    ZoneAlarm DataLock (Version: 10.1.065.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 → “C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe” => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 → C:\Users\Glen\AppData\Local\Temp{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 → “C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe” => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
    CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{f4c28532-b9d0-4950-a2df-e83f9929242b}\InprocServer32 → C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {17C3711D-7E21-4D2A-8FD4-80ECB19BB36C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {1C2BFEBB-C9B8-40EF-BA7B-D5201E63806B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {220D309F-59EE-44D4-99C7-A4063687102B} - System32\Tasks{2028ABC9-32ED-4C06-91E9-053878041268} => pcalua.exe -a F:\SETUP.EXE -d F:\ -c /AUTORUN
    Task: {3EBAC6B0-0E01-48FE-B28F-5994609B6EA9} - System32\Tasks{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => pcalua.exe -a “C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe” -d “C:\Program Files\GetData\Recover My Files”
    Task: {423C1562-2B26-44D9-9E6A-D02D256A28FF} - System32\Tasks{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => pcalua.exe -a F:\autorun.exe -d F:
    Task: {62F6A621-F6AE-464E-BE66-74793BFF7AAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
    Task: {80603F12-8AF1-4B9A-982B-EBA598909069} - System32\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {A84A6B12-A206-4D22-9AD6-89B0AF492116} - System32\Tasks{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => pcalua.exe -a “C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N137I7QO\USBDrivers_221[1].exe” -d C:\Users\Glen
    Task: {AF06B840-555F-46B4-93DC-5D1C64A78890} - System32\Tasks{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => pcalua.exe -a F:\setup.exe -d F:
    Task: {AFAE7C3D-6E97-4942-84D4-B3F4874AB1EB} - System32\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {B5BC98B8-08C6-42D2-A44C-2FB0A629D4BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {FED34180-25B7-4EAD-BB57-DC18F9037D18} - System32\Tasks{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => pcalua.exe -a “C:\Program Files\palmOne\QuickInstall.exe” -d C:\Users\Glen\Desktop

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE
    Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE :/EXE:{E3062EAB-2698-476F-8702-41D3C9FF90BE} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-01-26 09:17 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
    2017-01-26 09:16 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
    2017-01-26 09:17 - 2015-06-22 16:22 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
    2017-01-26 09:17 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
    2017-02-08 00:29 - 2017-02-08 00:29 - 00859344 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttpbr.mdl
    2017-02-08 00:29 - 2017-02-08 00:29 - 00466568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttpdsp.mdl
    2017-02-08 00:29 - 2017-02-08 00:29 - 02660936 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttpph.mdl
    2017-02-08 00:29 - 2017-02-08 00:30 - 01303008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttprbl.mdl
    2007-10-09 19:58 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-10-11 14:48 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2012-09-21 12:04 - 2012-07-12 10:48 - 00185856 _____ () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    2009-09-17 09:55 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
    2008-09-05 18:48 - 2003-05-23 11:04 - 00139264 _____ () C:\Program Files\USB Sharing\usbshare.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [268]
    AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9 [312]
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [232]
    AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2 [244]
    AlternateDataStreams: C:\Users\Glen\Desktop\FRST.exe:BDU [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => “”=“Service”
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => “”=“Service”

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2008-09-15 14:18 - 00001077 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Control Panel\Desktop\Wallpaper → C:\Users\Glen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Automatic LiveUpdate Scheduler => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
    MSCONFIG\Services: LightScribeService => 2
    MSCONFIG\Services: LiveUpdate => 3
    MSCONFIG\Services: LiveUpdate Notice Service => 2
    MSCONFIG\startupreg: Ad-Watch =>
    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: APSDaemon => “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
    MSCONFIG\startupreg: Bdagent => “C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe”
    MSCONFIG\startupreg: BDRegion =>
    MSCONFIG\startupreg: Bitdefender Wallet Agent => “C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe”
    MSCONFIG\startupreg: Dell PC TuneUp Startup =>
    MSCONFIG\startupreg: EPLTarget =>
    MSCONFIG\startupreg: InstantBurn => C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
    MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”
    MSCONFIG\startupreg: LanguageShortcut =>
    MSCONFIG\startupreg: LGODDFU => “C:\Program Files\lg_fwupdate\fwupdate.exe” blrun
    MSCONFIG\startupreg: Monitor =>
    MSCONFIG\startupreg: QuickTime Task =>
    MSCONFIG\startupreg: RemoteControl =>
    MSCONFIG\startupreg: Symantec PIF AlertEng => “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{52487D41-E3F1-4EF6-A850-AE75DAB5FD37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{5157DDDC-B9DF-4B1F-A40F-0E2A063AF17F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{E8208C00-15E0-4EC7-93BA-4040582D8CC2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{8E3C4D3F-3943-474E-9E01-83C044E02880}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{B4541D54-F33F-4FFE-A5B9-885FF16DAC9A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{15A7338F-F041-4FDD-9A18-5067200B1110}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{1EDC6A38-B229-4A0A-9054-03C480D967F8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{9ECC0299-5E11-493E-BF26-614DF0711D39}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{C82C6C4A-1284-4C7A-8519-C27E392B8617}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{047EC2CA-1ED7-43C9-B362-40E7D87C7B1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{76D0149D-C3B7-476B-82FB-1EFDE857E498}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{B2BC89BE-BB3B-46C5-AE15-15B06724BC23}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{A9626A92-2E46-42F5-9E4A-4516ACA719DD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{A5CB1C6C-1749-4D1D-9D54-4247868E95F2}] => (Allow) LPort=80
    FirewallRules: [{8601B18A-1F64-4AC7-8656-43C941D30155}] => (Allow) LPort=80
    FirewallRules: [{81B2CB85-C95E-42F0-A772-E419995B3DCC}] => (Allow) LPort=80
    FirewallRules: [{02C5A18A-A5AE-4D22-9EDA-1447AF434C0F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{5FE9330D-6243-4F11-AA9C-D14E8558EEB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{EA2BB518-26DA-4B33-9F31-0FFFD4E756CF}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{42758F7A-2433-4873-A96C-7FC15ED308C6}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{3406EAF9-9BEA-4C12-A641-48D5D21ABC3F}] => (Allow) C:\Users\Glen\AppData\Roaming\Smilebox\sbtb_install.exe
    FirewallRules: [{47B94913-B1CF-4FCC-9513-C6ED761178F5}] => (Allow) C:\Users\Glen\AppData\Roaming\Smilebox\sbtb_install.exe
    FirewallRules: [{19A6674F-B218-4482-8DCA-B509C9554BEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{E8B702D1-8C8A-458F-B899-B496CD03149E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{891E5A19-FDE6-42CA-BE6F-13C6663ACD95}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{97065B30-F847-48EF-9609-FBEAAB247650}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{3EDA8036-BC40-4092-B930-71CEF04A2B98}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{DE480A04-09F9-4760-A21E-A96725FF1BE7}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{22AD5023-36BA-4FD8-B513-4A7B81A9862B}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{7C831FD3-1C1A-48A2-8B78-7D39723F5029}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{47F533B1-C8F1-44E2-AA57-E3683421FF8E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{F964E030-FC1A-4BCA-8745-BDE961C72FF4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{4EF6A342-B655-4C70-AD64-99D5AB9A62CB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{06BC1296-E664-429D-882F-780CECCEDF87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{B61F74FA-B878-4D94-9B09-FACA6097B014}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{E0020F70-AA63-4521-9FCE-8EE7AECC2427}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{51C9D544-C00A-40CA-99D1-01CD2D173363}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{BE8EE55C-5A1E-41C5-8B11-21268C2064E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{C78ED4D8-EC48-4290-9E36-2BBE618BE4E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{B20CD4FA-78C6-48B0-B8E5-6258D980E0BA}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{2F4D69E1-0B2D-4746-8955-B15962A68A58}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{52122FB5-B1DE-486B-A851-604E292C684A}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{9F25BEBA-C0C3-4C7D-9CF5-EFDE1B2FDF53}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [TCP Query User{0D3CEA84-0F80-409B-B844-9FE66B9BC166}C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe
    FirewallRules: [UDP Query User{E0B6F099-84EF-4D55-962B-246F8685949D}C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe
    FirewallRules: [TCP Query User{94CECE24-A8DA-44CA-8F3F-913169E36D82}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{DC703B94-A20B-4CE3-8105-091E7D343834}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{1DAD6339-7599-49FD-841E-D3EEAC1260C0}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{86601BFA-9F3E-45D3-8517-F3FEF7DFDFF1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{7B8523F7-3639-4A14-863D-7F1A572A877E}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{53FFF5B3-493F-4563-8BA1-F9AC1CAB1FB2}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{6EE273F5-714D-4C29-87F5-532F39349A13}] => (Allow) LPort=49357
    FirewallRules: [{84C79808-A714-40A1-A235-CC822DEBCB67}] => (Allow) LPort=5000

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    Name: Microsoft WPD FileSystem Volume Driver
    Description: Microsoft WPD FileSystem Volume Driver
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: (WPD file system device)
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: USB HS-CF Card
    Description: USB HS-CF Card
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: TEAC
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: USB HS-MS Card
    Description: USB HS-MS Card
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: TEAC
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: USB HS-SD Card
    Description: USB HS-SD Card
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: TEAC
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: USB HS-xD/SM
    Description: USB HS-xD/SM
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: TEAC
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    ==================== Event log errors: =========================
    Application errors:
    Error: (02/19/2017 10:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, faulting module nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, exception code 0x40000015, fault offset 0x0010333f,
    process id 0x16fc, application start time 0x01d28b2953c65f79.

    Error: (02/19/2017 10:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, faulting module nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, exception code 0x40000015, fault offset 0x0010333f,
    process id 0xba0, application start time 0x01d28b1647b852a9.

    Error: (02/19/2017 09:01:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application usbshare.exe, version 0.0.0.0, time stamp 0x3ecd9dd7, faulting module usbshare.exe, version 0.0.0.0, time stamp 0x3ecd9dd7, exception code 0xc0000005, fault offset 0x000039dd,
    process id 0xd54, application start time 0x01d28b164b695489.

    Error: (02/19/2017 06:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
    process id 0x1124, application start time 0x01d28b0679ab390d.

    Error: (02/19/2017 12:39:45 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (02/19/2017 12:38:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Error: (02/18/2017 06:18:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
    process id 0x10d4, application start time 0x01d28a3d4e091195.

    Error: (02/18/2017 03:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application firefox.exe, version 51.0.1.6234, time stamp 0x5888f28c, faulting module mozglue.dll, version 51.0.1.6234, time stamp 0x5888f27e, exception code 0x80000003, fault offset 0x0000ec83,
    process id 0xdf4, application start time 0x01d28a087724e9d5.

    Error: (02/17/2017 06:22:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
    process id 0x1424, application start time 0x01d2897423ceaead.

    Error: (02/16/2017 06:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
    process id 0x12a4, application start time 0x01d288aaf9817f1c.
    System errors:
    Error: (02/20/2017 12:04:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    The service did not start due to a logon failure.

    Error: (02/20/2017 12:04:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    Logon failure: the specified account password has expired.

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (02/20/2017 12:02:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (02/20/2017 12:02:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (02/20/2017 12:02:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Diagnostic Policy Service service terminated with the following error:
    Access is denied.

    Error: (02/19/2017 11:59:18 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (02/19/2017 10:51:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    The service did not start due to a logon failure.

    Error: (02/19/2017 10:51:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    Logon failure: the specified account password has expired.

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (02/19/2017 10:49:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (02/19/2017 10:49:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
    The system cannot find the path specified.
    CodeIntegrity:
    Date: 2017-02-20 00:20:15.353
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-02-20 00:20:14.901
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-02-20 00:20:14.464
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-02-20 00:20:14.011
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-09 23:24:01.537
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-09 23:24:01.150
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-09 23:24:00.733
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-09 23:24:00.315
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-19 08:06:47.598
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-19 08:06:47.175
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: Intel(R) Core™2 Duo CPU E6550 @ 2.33GHz
    Percentage of memory in use: 65%
    Total physical RAM: 3325.45 MB
    Available physical RAM: 1146.65 MB
    Total Virtual: 6869.7 MB
    Available Virtual: 4763.19 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:167.25 GB) (Free:9.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (DELL BACKUP) (Fixed) (Total:55.52 GB) (Free:28.52 GB) NTFS
    Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.14 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 48000000)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=167.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=55.5 GB) - (Type=OF Extended)

    ==================== End of Addition.txt ============================
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Remove the programs below with Geek Uninstaller, if something will not remove then use Force Mode.

    Java 8 Update 45 (HKLM...{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    LightScribe System Software (HKLM...{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
    LiveUpdate 3.2 (Symantec Corporation) (HKLM...\LiveUpdate) (Version: 3.2.0.26 - Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation) (HKLM...{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.2.0 - Symantec Corporation)
    Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    Yahoo Search Set (HKLM...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

    Zemana Scan.

    Please download Zemana AntiMalware and save it to your Desktop.
      • Install the program and once the installation is complete it will start automatically.
      • Click the Cog/Sprocket Wheel, https://pchelpforum.net/attachments/...3-19-png.1462/ at the top right of Zemana
      • Select Advanced - I have read the warning and wish to proceed.
      • Place a tick next to Detect Suspicious (Root CA) Certificates.
      • Then click the house icon in Zemana.
      • Then, press Scan to begin.
      • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn’t required, please restart your computer manually.
      • Open Zemana AntiMalware again.
      • Click on http://i63.tinypic.com/4zu6vb.jpg icon and double click the latest report.
      • Now click File > Save As and choose your Desktop before pressing Save.
      • The only thing left is to copy and paste the saved report into your next message.
      • This will open a logfile, post that in your next reply
    FRST Fix.

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    • clarkgriswold
      PCHF Member
      • Feb 2017
      • 39

      #3
      Hopefully, I followed the process accurately…


      Fix result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
      Ran by Glen (22-02-2017 19:37:51) Run:1
      Running from C:\Users\Glen\Desktop
      Loaded Profiles: Glen (Available Profiles: Glen & UpdatusUser & Administrator)
      Boot Mode: Normal

      ==============================================

      fixlist content:


      start
      emptytemp:
      CloseProcesses:
      CreateRestorePoint:
      HKLM...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
      HKLM...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
      HKLM...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
      HKLM...\Policies\Explorer: [NoCDBurning] 0
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [Akamai NetSession Interface] => C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) <===== ATTENTION
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\Run: [sneu<>] => “C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98” <===== ATTENTION (Value Name with invalid characters)
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\MountPoints2: F - F:\AutoRun\AutoRun.exe
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\MountPoints2: {60deb600-6e3c-11e3-913b-001aa08d1be6} - O:\InnoTabSetup.exe
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000...\MountPoints2: {ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} - L:\ImageViewer4.exe -COPYFILE
      C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98
      C:\Users\Glen\AppData\Local\1e17e
      ShellIconOverlayIdentifiers: [__SafeBox1] → {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => → No File
      ShellIconOverlayIdentifiers: [__SafeBox2] → {342DAA0B-D796-460D-8566-901E08A1CCAD} => → No File
      ShellIconOverlayIdentifiers: [__SafeBox3] → {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => → No File
      ShellIconOverlayIdentifiers: [__SafeBox4] → {33816773-98AE-4723-ADE0-EBE54C8B5A67} => → No File
      ShortcutTarget: APC UPS Status.lnk → C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (No File)
      ShortcutTarget: DataViz Inc Messenger.lnk → C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (No File)
      ShortcutTarget: HotSync Manager.lnk → C:\Program Files\palmOne\Hotsync.exe (No File)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip..\Interfaces{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: [DhcpNameServer] 192.168.1.1
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
      URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
      URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No File
      URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
      SearchScopes: HKLM → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
      SearchScopes: HKLM → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
      SearchScopes: HKLM → {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418
      SearchScopes: HKU.DEFAULT → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
      SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
      SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → {4DFE95E1-324C-4BF8-BDE1-266927F9598A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
      SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
      SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.smilebox.com/?search={searchTerms}&loc=SB_IE_DS&a=6R8FRqYkDD
      BHO: Bitdefender Wallet → {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} → C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
      BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
      BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
      Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
      Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
      Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 → No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
      Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
      FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → Yahoo! (Avast)
      FF DefaultSearchUrl: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → hxxps://search.yahoo.com/yhs/search
      FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → Yahoo! (Avast)
      FF SelectedSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 → Yahoo! (Avast)
      FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\yahoo-avast.xml [2017-01-22]
      FF Plugin: @checkpoint.com/FFApi → C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
      CHR HKLM...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]
      CHR HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]
      S2 CLTNetCnService; “C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon
      S2 LiveUpdate Notice Ex; “C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon
      S4 stllssvr; “C:\Program Files\Common Files\SureThing Shared\stllssvr.exe”
      S2 ZAPrivacyService; “C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe”
      S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys
      S3 IpInIp; system32\DRIVERS\ipinip.sys
      U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-10-08] (Kaspersky Lab ZAO)
      S0 Lbd; system32\DRIVERS\Lbd.sys
      S3 MBAMSwissArmy; ??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys
      S3 vsdatant7; System32\drivers\vsdatant.win7.sys
      S3 XE102Mp5; System32\Drivers\XE102Mp5.sys
      S3 XE102Sp5; System32\Drivers\XE102Sp5.sys
      C:\239deb8e4b0bd0ad0d434b4b
      C:\975cafc51b3f32eaa4bd77e09f6d1040
      C:\Users\Glen\AppData\Local\AvgSetupLog
      C:\Users\Administrator\AppData\Local\Avg
      C:\74b5dafec5ddf39806d5d11a11
      C:\a51f592706bbcae6374e3a720ddf
      C:\2e35ff875d9f9e874ec13ed34c92e8
      C:\ProgramData\Avg
      C:\Users\Glen\AppData\Local\Avg
      S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-12-03] (Symantec Corporation)
      C:\Program Files\Symantec
      S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-12-03] (Symantec Corporation)
      C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
      C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
      C:\Windows\Tasks\Adobe Flash Player Updater.job
      C:\ProgramData\Lavasoft
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 → “C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe” => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 → “C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe” => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 → C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
      CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{f4c28532-b9d0-4950-a2df-e83f9929242b}\InprocServer32 → C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll => No File
      C:\Program Files\Lavasoft
      Task: {17C3711D-7E21-4D2A-8FD4-80ECB19BB36C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
      Task: {1C2BFEBB-C9B8-40EF-BA7B-D5201E63806B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
      Task: {220D309F-59EE-44D4-99C7-A4063687102B} - System32\Tasks{2028ABC9-32ED-4C06-91E9-053878041268} => pcalua.exe -a F:\SETUP.EXE -d F:\ -c /AUTORUN
      Task: {3EBAC6B0-0E01-48FE-B28F-5994609B6EA9} - System32\Tasks{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => pcalua.exe -a “C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe” -d “C:\Program Files\GetData\Recover My Files”
      Task: {423C1562-2B26-44D9-9E6A-D02D256A28FF} - System32\Tasks{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => pcalua.exe -a F:\autorun.exe -d F:
      Task: {62F6A621-F6AE-464E-BE66-74793BFF7AAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
      Task: {80603F12-8AF1-4B9A-982B-EBA598909069} - System32\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
      Task: {A84A6B12-A206-4D22-9AD6-89B0AF492116} - System32\Tasks{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => pcalua.exe -a “C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N137I7QO\USBDrivers_221[1].exe” -d C:\Users\Glen
      Task: {AF06B840-555F-46B4-93DC-5D1C64A78890} - System32\Tasks{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => pcalua.exe -a F:\setup.exe -d F:
      Task: {AFAE7C3D-6E97-4942-84D4-B3F4874AB1EB} - System32\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKL E.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
      Task: {B5BC98B8-08C6-42D2-A44C-2FB0A629D4BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
      Task: {FED34180-25B7-4EAD-BB57-DC18F9037D18} - System32\Tasks{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => pcalua.exe -a “C:\Program Files\palmOne\QuickInstall.exe” -d C:\Users\Glen\Desktop
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
      Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKL E.EXE
      Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKL E.EXE :/EXE:{E3062EAB-2698-476F-8702-41D3C9FF90BE} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
      AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [268]
      AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9 [312]
      AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [232]
      AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2 [244]
      AlternateDataStreams: C:\Users\Glen\Desktop\FRST.exe:BDU [0]
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => “”=“Service”
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => “”=“Service”
      MSCONFIG\Services: Apple Mobile Device => 2
      MSCONFIG\Services: Automatic LiveUpdate Scheduler => 2
      MSCONFIG\Services: Bonjour Service => 2
      MSCONFIG\Services: iPod Service => 3
      MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
      MSCONFIG\Services: LightScribeService => 2
      MSCONFIG\Services: LiveUpdate => 3
      MSCONFIG\Services: LiveUpdate Notice Service => 2
      MSCONFIG\startupreg: Ad-Watch =>
      MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
      MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      MSCONFIG\startupreg: APSDaemon => “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
      MSCONFIG\startupreg: Bdagent => “C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe”
      MSCONFIG\startupreg: BDRegion =>
      MSCONFIG\startupreg: Bitdefender Wallet Agent => “C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe”
      MSCONFIG\startupreg: Dell PC TuneUp Startup =>
      MSCONFIG\startupreg: EPLTarget =>
      MSCONFIG\startupreg: InstantBurn => C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
      MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”
      MSCONFIG\startupreg: LanguageShortcut =>
      MSCONFIG\startupreg: LGODDFU => “C:\Program Files\lg_fwupdate\fwupdate.exe” blrun
      MSCONFIG\startupreg: Monitor =>
      MSCONFIG\startupreg: QuickTime Task =>
      MSCONFIG\startupreg: RemoteControl =>
      MSCONFIG\startupreg: Symantec PIF AlertEng => “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
      MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      RemoveProxy:
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state On
      CMD: ipconfig /flushdns
      C:\windows\system32\Drivers\etc\hosts
      Hosts:
      reboot:
      end


      Processes closed successfully.
      Error: (0) Failed to create a restore point.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Wondershare Helper Compact.exe => value removed successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update => value removed successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched => value removed successfully.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Windows\CurrentVersion\Run\Akamai NetSession Interface => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Windows\CurrentVersion\Run\sneu<> => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{60deb600-6e3c-11e3-913b-001aa08d1be6} => key removed successfully.
      HKCR\CLSID{60deb600-6e3c-11e3-913b-001aa08d1be6} => key not found.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} => key removed successfully.
      HKCR\CLSID{ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} => key not found.
      C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98 => moved successfully
      C:\Users\Glen\AppData\Local\1e17e => moved successfully
      HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers__SafeBox1 => key removed successfully.
      HKCR\CLSID{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers__SafeBox2 => key removed successfully.
      HKCR\CLSID{342DAA0B-D796-460D-8566-901E08A1CCAD} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers__SafeBox3 => key removed successfully.
      HKCR\CLSID{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => key not found.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers__SafeBox4 => key removed successfully.
      HKCR\CLSID{33816773-98AE-4723-ADE0-EBE54C8B5A67} => key not found.
      C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe => not found.
      C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe => not found.
      C:\Program Files\palmOne\Hotsync.exe => not found.
      HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\DhcpNameServer => value removed successfully.
      HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}\DhcpNameServer => value removed successfully.
      HKLM\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
      HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
      HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL => value restored successfully
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{91da5e8a-3318-4f8c-b67e-5964de3ab546} => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{f897eb0e-a3a4-46c3-80eb-2729699d8892} => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{f4c28532-b9d0-4950-a2df-e83f9929242b} => value removed successfully.
      HKCR\CLSID{f4c28532-b9d0-4950-a2df-e83f9929242b} => key not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully.
      HKCR\CLSID{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key removed successfully.
      HKCR\CLSID{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
      HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully.
      HKCR\CLSID{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{4DFE95E1-324C-4BF8-BDE1-266927F9598A} => key removed successfully.
      HKCR\CLSID{4DFE95E1-324C-4BF8-BDE1-266927F9598A} => key not found.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully.
      HKCR\CLSID{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key removed successfully.
      HKCR\CLSID{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key removed successfully.
      HKCR\CLSID{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
      HKCR\CLSID{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully.
      HKCR\CLSID{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
      HKCR\CLSID{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully.
      HKCR\CLSID{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully.
      HKCR\CLSID{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => value removed successfully.
      HKCR\CLSID{F897EB0E-A3A4-46C3-80EB-2729699D8892} => key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
      HKCR\CLSID{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => key removed successfully.
      HKCR\CLSID{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} => key removed successfully.
      HKCR\CLSID{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} => key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key removed successfully.
      HKCR\CLSID{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{D27CDB6E-AE6D-11CF-96B8-444553540000} => key removed successfully.
      HKCR\CLSID{D27CDB6E-AE6D-11CF-96B8-444553540000} => key not found.
      HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => key removed successfully.
      HKCR\CLSID{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => key not found.
      HKCR\PROTOCOLS\Handler\ms-itss => key not found.
      HKCR\CLSID{0A9007C0-4076-11D3-8789-0000F8105754} => key not found.
      Firefox DefaultSearchEngine removed successfully.
      Firefox DefaultSearchUrl removed successfully.
      Firefox SearchEngineOrder.1 removed successfully.
      Firefox SelectedSearchEngine removed successfully.
      C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Prof iles\pooixovy.default-1413691062373\searchplugins\yahoo-avast.xml => moved successfully
      HKLM\Software\MozillaPlugins@checkpoint.com/FFApi => key removed successfully.
      HKLM\SOFTWARE\Google\Chrome\Extensions\fabcmochhfp ldjekobfaaggijgohadih => key removed successfully.
      HKLM\SOFTWARE\Google\Chrome\Extensions\phfmiknmhng mmlcppkpmbnopohlnfpbh => key removed successfully.
      C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppk pmbnopohlnfpbh.crx => moved successfully
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Google\Chrome\Extensions\phfmiknmhng mmlcppkpmbnopohlnfpbh => key removed successfully.
      “C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcpp kpmbnopohlnfpbh.crx” => not found.
      HKLM\System\CurrentControlSet\Services\CLTNetCnSer vice => key removed successfully.
      CLTNetCnService => service removed successfully.
      LiveUpdate Notice Ex => service not found.
      HKLM\System\CurrentControlSet\Services\stllssvr => key removed successfully.
      stllssvr => service removed successfully.
      HKLM\System\CurrentControlSet\Services\ZAPrivacySe rvice => key removed successfully.
      ZAPrivacyService => service removed successfully.
      HKLM\System\CurrentControlSet\Services\blbdrive => key removed successfully.
      blbdrive => service removed successfully.
      HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
      IpInIp => service removed successfully.
      HKLM\System\CurrentControlSet\Services\klflt => key removed successfully.
      klflt => service removed successfully.
      HKLM\System\CurrentControlSet\Services\Lbd => key removed successfully.
      Lbd => service removed successfully.
      HKLM\System\CurrentControlSet\Services\MBAMSwissAr my => key removed successfully.
      MBAMSwissArmy => service removed successfully.
      HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
      NwlnkFlt => service removed successfully.
      HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
      NwlnkFwd => service removed successfully.
      HKLM\System\CurrentControlSet\Services\vsdatant7 => key removed successfully.
      vsdatant7 => service removed successfully.
      HKLM\System\CurrentControlSet\Services\XE102Mp5 => key removed successfully.
      XE102Mp5 => service removed successfully.
      HKLM\System\CurrentControlSet\Services\XE102Sp5 => key removed successfully.
      XE102Sp5 => service removed successfully.
      C:\239deb8e4b0bd0ad0d434b4b => moved successfully
      C:\975cafc51b3f32eaa4bd77e09f6d1040 => moved successfully
      C:\Users\Glen\AppData\Local\AvgSetupLog => moved successfully
      C:\Users\Administrator\AppData\Local\Avg => moved successfully
      C:\74b5dafec5ddf39806d5d11a11 => moved successfully
      C:\a51f592706bbcae6374e3a720ddf => moved successfully
      C:\2e35ff875d9f9e874ec13ed34c92e8 => moved successfully
      C:\ProgramData\Avg => moved successfully
      C:\Users\Glen\AppData\Local\Avg => moved successfully
      Automatic LiveUpdate Scheduler => service not found.
      “C:\Program Files\Symantec” => not found.
      LiveUpdate => service not found.
      C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => moved successfully
      C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => moved successfully
      C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
      C:\ProgramData\Lavasoft => moved successfully
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{188047CE-0F0A-11D7-8331-00C04FA03755} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{209DAEB8-0F02-11D7-8331-00C04FA03755} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{763F9014-A89C-11D6-82E7-00C04FA03755} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{BE1B5231-A3E2-11D6-82E3-00C04FA03755} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{C42B23DF-334C-4AD0-9AB4-91FF53D04239} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{DFD4C164-AE18-11D6-82EC-00C04FA03755} => key removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID{f4c28532-b9d0-4950-a2df-e83f9929242b} => key removed successfully.
      “C:\Program Files\Lavasoft” => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{17C3711 D-7E21-4D2A-8FD4-80ECB19BB36C} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{17C3711 D-7E21-4D2A-8FD4-80ECB19BB36C} => key removed successfully.
      C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1C2BFEB B-C9B8-40EF-BA7B-D5201E63806B} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1C2BFEB B-C9B8-40EF-BA7B-D5201E63806B} => key removed successfully.
      C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdat e => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\Ap pleSoftwareUpdate => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{220D309 F-59EE-44D4-99C7-A4063687102B} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{220D309 F-59EE-44D4-99C7-A4063687102B} => key removed successfully.
      C:\Windows\System32\Tasks{2028ABC9-32ED-4C06-91E9-053878041268} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{2028ABC9-32ED-4C06-91E9-053878041268} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{3EBAC6B 0-0E01-48FE-B28F-5994609B6EA9} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3EBAC6B 0-0E01-48FE-B28F-5994609B6EA9} => key removed successfully.
      C:\Windows\System32\Tasks{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{423C156 2-2B26-44D9-9E6A-D02D256A28FF} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{423C156 2-2B26-44D9-9E6A-D02D256A28FF} => key removed successfully.
      C:\Windows\System32\Tasks{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{62F6A62 1-F6AE-464E-BE66-74793BFF7AAD} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{62F6A62 1-F6AE-464E-BE66-74793BFF7AAD} => key removed successfully.
      C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{80603F1 2-8AF1-4B9A-982B-EBA598909069} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{80603F1 2-8AF1-4B9A-982B-EBA598909069} => key removed successfully.
      C:\Windows\System32\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{A84A6B1 2-A206-4D22-9AD6-89B0AF492116} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A84A6B1 2-A206-4D22-9AD6-89B0AF492116} => key removed successfully.
      C:\Windows\System32\Tasks{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{AF06B84 0-555F-46B4-93DC-5D1C64A78890} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{AF06B84 0-555F-46B4-93DC-5D1C64A78890} => key removed successfully.
      C:\Windows\System32\Tasks{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{AFAE7C3 D-6E97-4942-84D4-B3F4874AB1EB} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{AFAE7C3 D-6E97-4942-84D4-B3F4874AB1EB} => key removed successfully.
      C:\Windows\System32\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{B5BC98B 8-08C6-42D2-A44C-2FB0A629D4BD} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B5BC98B 8-08C6-42D2-A44C-2FB0A629D4BD} => key removed successfully.
      C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{FED3418 0-25B7-4EAD-BB57-DC18F9037D18} => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FED3418 0-25B7-4EAD-BB57-DC18F9037D18} => key removed successfully.
      C:\Windows\System32\Tasks{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => key removed successfully.
      C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
      C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => not found.
      C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => not found.
      C:\ProgramData\TEMP => “:0B4227B4” ADS removed successfully..
      C:\ProgramData\TEMP => “:0CE7F3C9” ADS removed successfully..
      C:\ProgramData\TEMP => “:A8ADE5D8” ADS removed successfully..
      C:\ProgramData\TEMP => “FC5A2B2” ADS removed successfully..
      C:\Users\Glen\Desktop\FRST.exe => “:BDU” ADS removed successfully..
      HKLM\System\CurrentControlSet\Control\SafeBoot\Network\KL1 => key removed successfully.
      HKLM\System\CurrentControlSet\Control\SafeBoot\Network\kl2 => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device => key removed successfully.
      HKLM\System\CurrentControlSet\Services\Apple Mobile Device => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Automatic LiveUpdate Scheduler => key removed successfully.
      HKLM\System\CurrentControlSet\Services\Automatic LiveUpdate Scheduler => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service => key removed successfully.
      HKLM\System\CurrentControlSet\Services\Bonjour Service => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service => key removed successfully.
      HKLM\System\CurrentControlSet\Services\iPod Service => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Lavasoft Ad-Aware Service => key removed successfully.
      HKLM\System\CurrentControlSet\Services\Lavasoft Ad-Aware Service => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService => key removed successfully.
      HKLM\System\CurrentControlSet\Services\LightScribe Service => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdate => key not found.
      HKLM\System\CurrentControlSet\Services\LiveUpdate => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdate Notice Service => key removed successfully.
      HKLM\System\CurrentControlSet\Services\LiveUpdate Notice Service => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Ad-Watch => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Adobe Reader Speed Launcher => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bdagent => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: BDRegion => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitdefender Wallet Agent => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Dell PC TuneUp Startup => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: EPLTarget => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstantBurn => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: LanguageShortcut => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LGODDFU => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Monitor => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: QuickTime Task => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: RemoteControl => => key not found.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec PIF AlertEng => key removed successfully.
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender => key removed successfully.

      ========= RemoveProxy: =========

      HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
      HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
      HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.

      ========= End of RemoveProxy: =========

      ========= netsh advfirewall reset =========

      Ok.

      ========= End of CMD: =========

      ========= netsh advfirewall set allprofiles state On =========

      Ok.

      ========= End of CMD: =========

      ========= ipconfig /flushdns =========

      Windows IP Configuration

      Successfully flushed the DNS Resolver Cache.

      ========= End of CMD: =========

      C:\windows\system32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 307162914 B
      Java, Flash, Steam htmlcache => 773 B
      Windows/system/drivers => 941582135 B
      Edge => 0 B
      Chrome => 0 B
      Firefox => 367889671 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 66228 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 33643 B
      LocalService => 4640724 B
      NetworkService => 5507682 B
      Glen => 825319780 B
      UpdatusUser => 66228 B
      UpdatusUser => 0 B
      Administrator => 4796833 B

      RecycleBin => 36534032 B
      EmptyTemp: => 2.3 GB temporary data Removed.

      ================================

      The system needed a reboot.

      ==== End of Fixlog 19:51:44 ====


      Zemana AntiMalware 2.72.2.101 (Installed)


      Scan Result : Completed
      Scan Date : 2017/2/22
      Operating System : Windows Vista 32-bit
      Processor : 2X Intel(R) Core™2 Duo CPU E6550 @ 2.33GHz
      BIOS Mode : Legacy
      CUID : 14EA792BCC4FE15F41C6C9
      Scan Type : System Scan
      Duration : 8m 44s
      Scanned Objects : 55902
      Detected Objects : 7
      Excluded Objects : 0
      Read Level : SCSI
      Auto Upload : Enabled
      Detect All Extensions : Disabled
      Scan Documents : Disabled
      Domain Info : WORKGROUP,0,2
      Detected Objects
      Tabs Hijack (System)
      Status : Scanned
      Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Potentially Unwanted Modification
      Cleaning Action : Repair
      Related Objects :
      Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = about:newtab

      explorer.exe
      Status : Scanned
      Object : %systemroot%\explorer.exe
      MD5 : D07D4C3038F3578FFCE1C0237F2A1253
      Publisher : Microsoft Windows
      Size : 2926592
      Version : 6.0.6002.18005
      Detection : Hollow Process
      Cleaning Action : Repair
      Related Objects :
      Process - 2372 - C:\Windows\explorer.exe
      File - %systemroot%\explorer.exe

      explorer.exe
      Status : Scanned
      Object : %systemroot%\explorer.exe
      MD5 : D07D4C3038F3578FFCE1C0237F2A1253
      Publisher : Microsoft Windows
      Size : 2926592
      Version : 6.0.6002.18005
      Detection : Hollow Process
      Cleaning Action : Repair
      Related Objects :
      Process - 3484 - C:\Windows\explorer.exe
      File - %systemroot%\explorer.exe

      Internet Explorer Search
      Status : Scanned
      Object : ZoneAlarm Extreme Security Customized Web Search - http://search.conduit.com
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Suspicious Browser Setting
      Cleaning Action : Repair
      Related Objects :
      Browser Setting - Internet Explorer Search

      Internet Explorer Search
      Status : Scanned
      Object : Yahoo! (Avast) - http://search.yahoo.com
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Suspicious Browser Setting
      Cleaning Action : Repair
      Related Objects :
      Browser Setting - Internet Explorer Search

      Internet Explorer Search
      Status : Scanned
      Object : MyStart Search - http://mystart.smilebox.com
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Suspicious Browser Setting
      Cleaning Action : Repair
      Related Objects :
      Browser Setting - Internet Explorer Search

      Internet Explorer Search
      Status : Scanned
      Object : Yahoo! (Avast) - http://search.yahoo.com
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Suspicious Browser Setting
      Cleaning Action : Repair
      Related Objects :
      Browser Setting - Internet Explorer Search

      Cleaning Result

      Cleaned : 7
      Reported as safe : 0
      Failed : 0


      • clarkgriswold
        PCHF Member
        • Feb 2017
        • 39

        #4
        It looks like Bitdefender is still picking up the Trojan.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          Let’s check for remnants now…

          Malwarebytes AntiRootkit.

          Please download Malwarebytes Anti-Rootkit from here

          - Unzip the contents to a folder in a convenient location.
          - Open the folder where the contents were unzipped and run mbar.exe.
          - Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
          - Click on the Cleanup button to remove any threats and reboot if prompted to do so.
          - Wait while the system shuts down and the cleanup process is performed.
          - Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          - When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.

          Poweliks Cleaner.

          Please download Powelikscleaner (by ESET) and save it to your Desktop.
          1. Double-click on ESETPoweliksCleaner.exe to start the tool.
          2. Read the terms of the End-user license agreement and click Agree.
          3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

          4. If Poweliks was detected, “Win32/Poweliks was successfully removed from your system” will be displayed. Press any key to exit the tool and reboot your PC.

          The tool will produce a log in the same directory the tool was run from.
          Please copy and paste the log in your next reply.

          JRT Scan.

          Please download Junkware Removal Tool and save it on your desktop.

          - Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
          - Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
          - The tool will open and start scanning your system.
          - Please be patient as this can take a while to complete depending on your system’s specifications.
          - On completion, a log is saved to your desktop and will automatically open.
          - Please post the JRT log.

          Adware Cleaner Scan.

          Please download AdwCleaner by Xplode onto your desktop.

          - Close all open programs and internet browsers.
          - Double click on adwcleaner.exe to run the tool.
          - Click on Scan button.
          - When the scan has finished click on Clean button.
          - Your computer will be rebooted automatically. A text file will open after the restart.
          - Please post the contents of that logfile with your next reply.
          - You can find the logfile at C:\AdwCleaner[S1].txt as well.

          Eliminate Bad Settings with this nice tool.

          - Temporarily disable your antivirus.
          - Download SupRestric.exe and save it to your desktop.
          - Close all running programs.
          - Double click the file to launch it.
          - Windows 7/8/10/Vista: run as administrator.
          - Click Yes at any prompt.
          - The analysis takes only a few moments.
          - The report is on the desktop (CTR.txt).
          - Copy and paste the report in your next reply.
          - A reboot is needed to complete the repairs.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #6
            After the above scans…
            Can you screenshot the prompt from Bitdefender?
            Is it now detecting the malware in the FRST quarantine folder?


            • clarkgriswold
              PCHF Member
              • Feb 2017
              • 39

              #7
              Ok, all scans complete. I am currently running a fresh Bitdefender scan. Please stand by.


              Junkware Removal Tool (JRT) by Malwarebytes
              Version: 8.1.0 (12.05.2016)
              Operating System: Windows Vista ™ Home Premium x86
              Ran by Glen (Administrator) on Wed 02/22/2017 at 23:07:42.63
              
              
              File System: 19
              
              Failed to delete: C:\Program Files\web assistant (Folder)
              Successfully deleted: C:\end (File)
              Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
              Successfully deleted: C:\ProgramData\1485439235.bdinstall.bin (File)
              Successfully deleted: C:\ProgramData\Start Menu\Programs\pc tune-up (Folder)
              Successfully deleted: C:\Users\Glen\AppData\Local\conduit (Folder)
              Successfully deleted: C:\Users\Glen\AppData\Local\cre (Folder)
              Successfully deleted: C:\Users\Glen\AppData\Local\ysearchutil (Folder)
              Successfully deleted: C:\Users\Glen\Appdata\LocalLow\conduit (Folder)
              Successfully deleted: C:\Windows\System32\conduitengine.tmp (File)
              Successfully deleted: C:\Windows\wininit.ini (File)
              Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08Y3SC6D (Temporary Internet Files Folder)
              Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNL4JV6U (Temporary Internet Files Folder)
              Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYY2ALZ7 (Temporary Internet Files Folder)
              Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP7M657V (Temporary Internet Files Folder)
              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08Y3SC6D (Temporary Internet Files Folder)
              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNL4JV6U (Temporary Internet Files Folder)
              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYY2ALZ7 (Temporary Internet Files Folder)
              Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP7M657V (Temporary Internet Files Folder)
              
              Deleted the following from C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\prefs.js
              user_pref(extensions.toolbar.mindspark.hp.enabled, false);
              user_pref(extensions.toolbar.mindspark.lastInstalled, gamingwonderland@mindspark.com);
              
              
              
              Registry: 1
              
              Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\Web Assistant Updater (Registry Key)
              Scan was completed on Wed 02/22/2017 at 23:09:11.90
              End of JRT log

              Malwarebytes Anti-Rootkit BETA 1.9.3.1001
              www.malwarebytes.org

              Database version:
              main: v2017.02.23.01
              rootkit: v2017.02.15.01

              Windows Vista Service Pack 2 x86 NTFS
              Internet Explorer 9.0.8112.16421
              Glen :: DESKTOP [administrator]

              2/22/2017 9:27:59 PM
              mbar-log-2017-02-22 (21-27-59).txt

              Scan type: Quick scan
              Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
              Scan options disabled:
              Objects scanned: 380439
              Time elapsed: 56 minute(s), 52 second(s)

              Memory Processes Detected: 0
              (No malicious items detected)

              Memory Modules Detected: 0
              (No malicious items detected)

              Registry Keys Detected: 0
              (No malicious items detected)

              Registry Values Detected: 0
              (No malicious items detected)

              Registry Data Items Detected: 0
              (No malicious items detected)

              Folders Detected: 0
              (No malicious items detected)

              Files Detected: 0
              (No malicious items detected)

              Physical Sectors Detected: 0
              (No malicious items detected)

              (end)


              AdwCleaner v6.043 - Logfile created 22/02/2017 at 23:15:37
              Updated on 27/01/2017 by Malwarebytes
              Database : 2017-01-27.1 [Local]
              Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
              Username : Glen - DESKTOP
              Running from : C:\Users\Glen\Desktop\adwcleaner_6.043.exe
              Mode: Clean
              Support : Malwarebytes Help Center

              ***** [ Services ] *****

              [-] Service deleted: Web Assistant Updater

              ***** [ Folders ] *****

              [-] Folder deleted: C:\Users\Glen\AppData\Roaming\Yahoo!\Companion
              [-] Folder deleted: C:\Program Files\Web Assistant
              [-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil

              ***** [ Files ] *****

              ***** [ DLL ] *****

              ***** [ WMI ] *****

              ***** [ Shortcuts ] *****

              ***** [ Scheduled Tasks ] *****

              ***** [ Registry ] *****

              [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2645238
              [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2925418
              [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3061355
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{43e32fb4-d5e9-41a2-9ded-f0894fb21ad2}
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{563028cc-55f3-4678-a37a-d9b10cfb2b19}
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{b03ecee6-cb2f-4338-84a7-1358ac61a918}
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{c855d636-07b5-4dc3-82c7-a35242ea1d05}
              [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
              [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
              [-] Key deleted: HKLM\SOFTWARE\Classes\AppID{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
              [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
              [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{6ABB1C11-E261-4CEA-BBB5-3836225689DD}
              [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{00000000-6E41-4FD3-8538-502F5495E5FC}
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}
              [-] Key deleted: HKU.DEFAULT\Software\Auslogics
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\ImInstaller
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\YahooPartnerToolbar
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Auslogics
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\AppDataLow\Software\adawarebp
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\AppDataLow\Software\Conduit
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\AppDataLow\Software\Yahoo\Companion
              [-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
              [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Web Assistant
              [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Yahoo\YFriendsBar
              [#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
              [#] Key deleted on reboot: HKCU\Software\ImInstaller
              [#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
              [#] Key deleted on reboot: HKCU\Software\Auslogics
              [-] Key deleted: HKU.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant
              [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
              [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
              [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
              [-] Key deleted: HKLM\SOFTWARE\Conduit
              [-] Key deleted: HKLM\SOFTWARE\W3I
              [-] Key deleted: HKLM\SOFTWARE\Web Assistant
              [-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
              [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
              [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
              [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\Extension.DLL

              ***** [ Web browsers ] *****


              :: “Tracing” keys deleted
              :: Winsock settings cleared


              C:\AdwCleaner\AdwCleaner[C0].txt - [4650 Bytes] - [22/02/2017 23:15:37]
              C:\AdwCleaner\AdwCleaner[S0].txt - [4645 Bytes] - [22/02/2017 23:12:46]

              ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4796 Bytes] ##########


              Restricted Access Control Report Pierre13 (CTR version 2.4.0.0) of 22 \ 02 \ 2017 at 23:23:03

              PC of Glen
              Windows Vista Home Premium Service Pack 2 (32-bit)
              Repair error 2203 performed
              Control presence restrictions
              PC vaccinated against Java sponsor.
              Windows Firewall service enabled.
              Windows Firewall settings restored by default and enabled.
              235 controlled restrictions.
              No restrictions found.
              The report is on the desktop (C: \ Users \ Glen \ Desktop \ CTR.txt)


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #8
                Alright, awaiting your word. (y)

                I’d like to check and see if I have missed anything; let’s run a tool that looks a little deeper than FRST.

                ZHP Diag Scan

                Download ZHP Diag to your desktop.
                1. Right Click Run as Admin.
                2. Click the Scanner button.


                When complete please push the report button.
                A notepad will open… copy and paste the report in your next reply.


                • clarkgriswold
                  PCHF Member
                  • Feb 2017
                  • 39

                  #9
                  Ok, here is the report. I had to play around some to get the tool to run, Bitdefender didn’t like it.


                  ~ ZHPDiag v2017.2.22.33 By Nicolas Coolman (2017/02/22)



                  ~ Run by Glen (Administrator) (2017/02/23 08:08:24)
                  ~ Web: https://www.nicolascoolman.com
                  ~ Blog: https://nicolascoolman.eu/
                  ~ Facebook: ZHP
                  ~ State version: Version OK
                  ~ Mode: Scan
                  ~ Report: C:\Users\Glen\Desktop\ZHPDiag.txt
                  ~ Report: C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag.txt
                  ~ UAC: Deactivate
                  ~ System startup: Normal (Normal boot)
                  Windows VISTA, 32-bit Service Pack 2 (Build 6002) =>.Microsoft Corporation

                  —\ Internet Browsers (2) - 0s
                  ~ MFIE: Mozilla Firefox 50.1.0 (x86 en-US)
                  ~ MSIE: Internet Explorer v9.0.8112.16421

                  —\ Windows Product Information (4) - 3s
                  ~ Windows Server License Manager Script : OK
                  ~ Licence Script File Génération : OK
                  Windows Automatic Updates : OK
                  Windows Activation Technologies : KO

                  —\ System protection software (1) - 2s
                  ZoneAlarm DataLock v10.1.065.000 (Protection)

                  —\ System protection software (Superfluous) (1) - 2s
                  ~ Zemana AntiMalware v2.72.101 (Superfluous)

                  —\ Surveillance software (2) - 2s
                  ~ Adobe Flash Player 24 NPAPI (Surveillance)
                  ~ Adobe Reader X (Surveillance)

                  —\ Information on the system (6) - 0s
                  ~ Operating System: x86 Family 6 Model 15 Stepping 11, GenuineIntel
                  ~ Operating System: 32-bit
                  ~ Boot mode: Normal (Normal boot)
                  Total RAM: 3405.264 MB (27% free) : OK =>.RAM Value
                  System Restore: Activé (Enable)
                  System drive C: has 10 GB () free of 171 GB : ATTENTION =>Warning Disk Space

                  —\ Connection to the system mode (3) - 0s
                  ~ Computer Name: DESKTOP
                  ~ User Name: Glen
                  ~ Logged in as Administrator

                  —\ Enumeration of the disk units (3) - 0s
                  ~ Drive C: has 10 GB free of 171 GB (System)
                  ~ Drive D: has 29 GB free of 56 GB
                  ~ Drive E: has 6 GB free of 10 GB

                  —\ State of the Windows Security Center (11) - 0s
                  [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
                  [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                  [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
                  [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
                  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

                  —\ Search Generic System Files (23) - 5s
                  [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - 11/04/2009 - (.Microsoft Corporation - Windows Explorer.) – C:\Windows\Explorer.exe [2926592] =>.Microsoft Corporation
                  [MD5.4B555106290BD117334E9A08761C035A] - 02/11/2006 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe [44544] =>.Microsoft Corporation
                  [MD5.101BA3EA053480BB5D957EF37C06B5ED] - 19/01/2008 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\Windows\System32\Wininit.exe [96768] =>.Microsoft Corporation
                  [MD5.F39B046F12E8AACA681B16F2D3CAC3BC] - 05/10/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\Windows\System32\wininet.dll [1129984] =>.Microsoft Corporation
                  [MD5.898E7C06A350D4A1A64A9EA264D55452] - 11/04/2009 - (.Microsoft Corporation - Windows Logon Application.) – C:\Windows\System32\Winlogon.exe [314368] =>.Microsoft Corporation
                  [MD5.85E861D0B88DB2B54ACB0839654C09F7] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\System32\dnsapi.dll [168448] =>.Microsoft Corporation
                  [MD5.4A0978779958D8FE8F5849F452BCC812] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\Windows\System32\drivers\AFD.sys [273408] =>.Microsoft Corporation
                  [MD5.9E7E85EC61D1C9C3171CC08427108863] - 09/08/2007 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\Windows\System32\drivers\atapi.sys [21688] =>.Microsoft Windows®
                  [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - 19/01/2008 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\Windows\System32\drivers\Cdfs.sys [70144] =>.Microsoft Corporation
                  [MD5.6B4BFFB9BECD728097024276430DB314] - 10/04/2009 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\Windows\System32\drivers\Cdrom.sys [67072] =>.Microsoft Corporation
                  [MD5.4E428F992C64E061C9AF56CCD3F78DAE] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\Windows\System32\drivers\DfsC.sys [79360] =>.Microsoft Corporation
                  [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - 10/04/2009 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\Windows\System32\drivers\HDAudBus.sys [561152] =>.Microsoft Corporation
                  [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - 19/01/2008 - (.Microsoft Corporation - i8042 Port Driver.) – C:\Windows\System32\drivers\i8042prt.sys [54784] =>.Microsoft Corporation
                  [MD5.8793643A67B42CEC66490B2A0CF92D68] - 19/01/2008 - (.Microsoft Corporation - IP Network Address Translator.) – C:\Windows\System32\drivers\IpNat.sys [100864] =>.Microsoft Corporation
                  [MD5.1B864548B2ACEC1C0BB29B615CC42978] - 08/01/2015 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\Windows\System32\drivers\MRxSmb.sys [107008] =>.Microsoft Corporation
                  [MD5.BF84E55A9B3AD3CBAB4AAE3BE043E579] - 10/05/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\Windows\System32\drivers\netBT.sys [185856] =>.Microsoft Corporation
                  [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - 03/03/2013 - (.Microsoft Corporation - NT File System Driver.) – C:\Windows\System32\drivers\ntfs.sys [1082232] =>.Microsoft Windows®
                  [MD5.0FA9B5055484649D63C303FE404E5F4D] - 02/11/2006 - (.Microsoft Corporation - Parallel Port Driver.) – C:\Windows\System32\drivers\Parport.sys [79360] =>.Microsoft Corporation
                  [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - 19/01/2008 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\Windows\System32\drivers\Rasl2tp.sys [76288] =>.Microsoft Corporation
                  [MD5.0245418224CFA77BF4B41C2FE0622258] - 09/08/2007 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\Windows\System32\drivers\rdpdr.sys [242688] =>.Microsoft Corporation
                  [MD5.7B75299A4D201D6A6533603D6914AB04] - 10/04/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\Windows\System32\drivers\smb.sys [66560] =>.Microsoft Corporation
                  [MD5.EC565DFA3D9C45D8083B72DEC5B33710] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) – C:\Windows\System32\drivers\tdx.sys [72192] =>.Microsoft Corporation
                  [MD5.786DB5771F05EF300390399F626BF30A] - 21/08/2012 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\Windows\System32\drivers\volsnap.sys [224640] =>.Microsoft Windows®

                  —\ Non Microsoft non disabled Windows Services (12) - 5s
                  O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\Windows\System32\AERTSrv.exe =>.Andrea Electronics Corporation
                  O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe =>.WIBU-SYSTEMS AG®
                  O23 - Service: Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation - Epson Scanner Service (32bit).) - C:\Windows\System32\escsvc.exe =>.SEIKO EPSON Corporation®
                  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe =>.Intel Corporation®
                  O23 - Service: (Net Driver HPZ12) . (.Hewlett-Packard - Dot4Net Module.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
                  O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) - C:\Windows\System32\nvvsvc.exe =>.NVIDIA Corporation®
                  O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe =>.NVIDIA Corporation®
                  O23 - Service: (Pml Driver HPZ12) . (.Hewlett-Packard - PmlDrv Module.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
                  O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
                  O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) . (.Bitdefender - Bitdefender Update Service.) - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe =>.Bitdefender SRL®
                  O23 - Service: Bitdefender Virus Shield (VSSERV) . (.Bitdefender - Bitdefender Security Service.) - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe =>.Bitdefender SRL®
                  O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

                  —\ Services not Microsoft (SR=Run, SS=Stop) (18) - 28s
                  SS - Demand [14/09/2015] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
                  SS - Demand [14/02/2017] [ 270936] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
                  SR - Auto [05/12/2007] [ 77824] Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AERTSrv.exe =>.Andrea Electronics Corporation
                  SS - Demand [09/12/2014] [ 69880] Bitdefender Desktop Parental Control (BdDesktopParental) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe =>.Bitdefender SRL®
                  SR - Auto [27/11/2013] [ 3105144] CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe =>.WIBU-SYSTEMS AG®
                  SR - Auto [17/05/2012] [ 126128] Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\System32\escsvc.exe =>.SEIKO EPSON Corporation®
                  SS - Demand [22/03/2010] [ 68000] C:\Program Files\NOS\bin\getPlus_Helper.dll (getPlusHelper) . (.NOS Microsystems Ltd..) - C:\Program Files\NOS\bin\getPlus_Helper.dll =>.Adobe Systems Incorporated®
                  SR - Auto [21/03/2007] [ 355096] Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe =>.Intel Corporation®
                  SS - Demand [03/04/2005] [ 69632] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe =>.Macrovision Corporation
                  SR - Auto [06/08/2010] [ 44032] (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
                  SR - Auto [18/01/2013] [ 639776] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe =>.NVIDIA Corporation®
                  SS - Auto [25/02/2013] [ 1260320] NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe =>.NVIDIA Corporation®
                  SR - Auto [06/08/2010] [ 53760] (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
                  SS - Disabl [08/07/2013] [ 81704] SafeBox (SafeBox) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe =>.Bitdefender SRL®
                  SR - Auto [18/01/2013] [ 383264] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
                  SR - Auto [27/10/2014] [ 54424] Bitdefender Desktop Update Service (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe =>.Bitdefender SRL®
                  SR - Auto [31/01/2017] [ 1335176] Bitdefender Virus Shield (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe =>.Bitdefender SRL®
                  SR - Auto [02/02/2017] [14416624] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

                  —\ Auto loading programs from Registry and folders (20) - 0s
                  O4 - HKLM..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) – C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor
                  O4 - HKLM..\Run: [ISUSScheduler] . (.Macrovision Corporation - Macrovision FLEXnet Connect Scheduler.) – C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe =>.Macrovision Corporation
                  O4 - HKLM..\Run: [ISUSPM Startup] . (.Macrovision Corporation - Macrovision FLEXnet Connect Software Manage.) – C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe =>.Macrovision Corporation
                  O4 - HKLM..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) – C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe =>.Intel Corporation®
                  O4 - HKLM..\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - Fax Transmission.) – C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe =>.SEIKO EPSON CORPORATION®
                  O4 - HKLM..\Run: [FUFAXRCV] . (.SEIKO EPSON CORPORATION - Fax Reception.) – C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe =>.SEIKO EPSON CORPORATION®
                  O4 - HKLM..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) – C:\Program Files\Epson Software\Event Manager\EEventManager.exe =>.SEIKO EPSON CORPORATION®
                  O4 - HKLM..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) – C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems, Incorporated®
                  O4 - HKLM..\Run: [Bdagent] . (.Bitdefender - Bitdefender Agent.) – C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe =>.Bitdefender SRL®
                  O4 - HKLM..\Run: [ZAM] . (.Copyright 2017. - ZAM.) – C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
                  O4 - HKCU..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) – C:\Program Files\Windows Media Player\wmpnscfg.exe =>.Microsoft Corporation
                  O4 - HKCU..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) – C:\Windows\ehome\ehtray.exe =>.Microsoft Corporation
                  O4 - HKCU..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) – C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe =>.Bitdefender SRL®
                  O4 - HKUS\S-1-5-19..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] . (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-20..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-20..\Run: [WindowsWelcomeCenter] . (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-21-3490785829-169181324-3712256341-1000..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) – C:\Program Files\Windows Media Player\wmpnscfg.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-21-3490785829-169181324-3712256341-1000..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) – C:\Windows\ehome\ehtray.exe =>.Microsoft Corporation
                  O4 - HKUS\S-1-5-21-3490785829-169181324-3712256341-1000..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) – C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe =>.Bitdefender SRL®

                  —\ Process running (26) - 2s
                  [MD5.61385EF23C1E18D606A975DB8D6B10E3] - (.Bitdefender - Bitdefender Security Service.) – C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1335176] [PID.1004] =>.Bitdefender SRL®
                  [MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) – C:\Windows\System32\nvvsvc.exe [639776] [PID.1284] =>.NVIDIA Corporation®
                  [MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1296] =>.NVIDIA Corporation®
                  [MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) – C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1844] =>.NVIDIA Corporation®
                  [MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) – C:\Windows\System32\nvvsvc.exe [639776] [PID.1856] =>.NVIDIA Corporation®
                  [MD5.330A1E4DF07C2E29949ED8631CD8828E] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) – C:\Windows\System32\AERTSrv.exe [77824] [PID.2796] =>.Andrea Electronics Corporation
                  [MD5.B503285B5D1CAC5AE445D60C690DCFF9] - (.Realtek Semiconductor - HD Audio Control Panel.) – C:\Windows\RtHDVCpl.exe [4907008] [PID.2804] =>.Realtek Semiconductor
                  [MD5.B538590B338F5379D4B33E266902008B] - (.Seiko Epson Corporation - Epson Scanner Service (32bit).) – C:\Windows\System32\escsvc.exe [126128] [PID.2840] =>.SEIKO EPSON Corporation®
                  [MD5.FF3BF05021BFECC92DB81B8257EEB026] - (.Macrovision Corporation - Macrovision FLEXnet Connect Scheduler.) – C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.2848] =>.Macrovision Corporation
                  [MD5.AE38A12F79A4980DDB88F36514F8A1DA] - (.Intel Corporation - RAID Monitor.) – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [355096] [PID.2892] =>.Intel Corporation®
                  [MD5.F371C6DF9A810EF2E6E4FA60ACBB5C33] - (.Intel Corporation - Event Monitor User Notification Tool.) – C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.2944] =>.Intel Corporation®
                  [MD5.C039D1E17B08CC50AA919452A6DFF7BD] - (.SEIKO EPSON CORPORATION - Fax Transmission.) – C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe [863848] [PID.2988] =>.SEIKO EPSON CORPORATION®
                  [MD5.494AB1A80F7BBF60D79116E4EEB86C71] - (.SEIKO EPSON CORPORATION - Fax Reception.) – C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe [642664] [PID.3024] =>.SEIKO EPSON CORPORATION®
                  [MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) – C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.3068] =>.NVIDIA Corporation®
                  [MD5.4ABA86D5B0D440F33BDBDBDAEA065C42] - (.SEIKO EPSON CORPORATION - EEventManager Application.) – C:\Program Files\EPSON Software\Event Manager\EEventManager.exe [1065024] [PID.3084] =>.SEIKO EPSON CORPORATION®
                  [MD5.F2C614240A6D97EE36110D7268D467AE] - (.Bitdefender - Bitdefender Agent.) – C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1865664] [PID.3176] =>.Bitdefender SRL®
                  [MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) – C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624] [PID.3184] =>.Zemana Ltd.®
                  [MD5.D226EFE06C8AD16423E40898E43FC53F] - (.Bitdefender - Bitdefender Update Service.) – C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424] [PID.3232] =>.Bitdefender SRL®
                  [MD5.F14F474ACC5C1103FA79104B10AA3AA2] - (.Bitdefender - Bitdefender Wallet Agent.) – C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [687864] [PID.3248] =>.Bitdefender SRL®
                  [MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) – C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624] [PID.3608] =>.Zemana Ltd.®
                  [MD5.F97961FD74E83E3E96DB45B69B33B157] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) – C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144] [PID.3924] =>.WIBU-SYSTEMS AG®
                  [MD5.CBFEC9262A5E30AD9302C7591D2ABC99] - (.PIXELA CORPORATION - .) – C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [253952] [PID.3968] =>.PIXELA CORPORATION
                  [MD5.7271ED4A16F4166E13EE9FF73FA7A887] - (…) – C:\Program Files\USB Sharing\usbshare.exe [139264] [PID.3976]
                  [MD5.2EF2B10E5F65FB054D2D54BDA54D230B] - (.Mozilla Corporation - Firefox.) – C:\Program Files\Mozilla Firefox\firefox.exe [517576] [PID.940] =>.Mozilla Corporation®
                  [MD5.2EF2B10E5F65FB054D2D54BDA54D230B] - (.Mozilla Corporation - Firefox.) – C:\Program Files\Mozilla Firefox\firefox.exe [517576] [PID.3852] =>.Mozilla Corporation®
                  [MD5.C591EEEC3B25AAEA3842521219F6646B] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Glen\Desktop\test\ZHPDiag3.exe [2699264] [PID.3796] =>.Nicolas Coolman

                  —\ Mozilla Firefox,Plugins,Start,Search,Extensions (4) - 1s
                  M0 - MFSP: prefs.js [Glen - pooixovy.default-1413691062373] http://duckduckgo.com/
                  P2 - EXT FILE: (…) – C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\duckduckgo.xml
                  P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\System32\Macromed\Flash\NPSWF32_24_0_0_221.dll =>.Adobe Systems Incorporated
                  P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) – C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll =>.Apple Inc.

                  —\ Internet Explorer Extensions, Start, Search (10) - 0s
                  R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
                  R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ =>.Yahoo! Inc.
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                  R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
                  R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
                  R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0

                  —\ Internet Explorer, Proxy Management (6) - 0s
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
                  R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
                  R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies

                  —\ Line Analysis, IniFiles, Auto loading programs (3) - 1s
                  F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                  F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                  F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

                  —\ Hosts file redirection (1) - 0s
                  ~ Le fichier hôte est sain (The hosts file is clean) (1)

                  —\ Global shortcuts Startup (107) - 6s
                  O4 - GS\Desktop [Administrator]: Dell DataSafe.lnk . (…) C:\DELL\DataSafe\DataSafe.htm
                  O4 - GS\Desktop [Administrator]: My DocsToGo.lnk . (…) C:\Users\Glen\Documents\My DocsToGo
                  O4 - GS\Desktop [Administrator]: Sling.lnk . (…) C:\ProgramData\Sling\Sling.exe
                  O4 - GS\Desktop [Administrator]: USB Sharing.lnk . (…) C:\Program Files\USB Sharing\usbshare.exe
                  O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                  O4 - GS\Quicklaunch [Administrator]: iTunes (2).lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
                  O4 - GS\Quicklaunch [Administrator]: Microsoft Office Excel 2003.lnk . (…) C:\Windows\Installer{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe =>.Microsoft Corporation
                  O4 - GS\Quicklaunch [Administrator]: Microsoft Office Word 2003.lnk . (…) C:\Windows\Installer{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe =>.Microsoft Corporation
                  O4 - GS\Quicklaunch [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                  O4 - GS\Quicklaunch [Administrator]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
                  O4 - GS\sendTo [Administrator]: Drag-to-Disc Drive (F).lnk . (…) F:\
                  O4 - GS\sendTo [Administrator]: Drag-to-Disc Drive (G).lnk . (…) G:\
                  O4 - GS\sendTo [Administrator]: InstantBurn CD (F).Lnk . (…) F:\
                  O4 - GS\sendTo [Administrator]: InstantBurn CD (G).Lnk . (…) G:\
                  O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Administrator]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
                  O4 - GS\Programs [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                  O4 - GS\Programs [Administrator]: Windows Vista Upgrade Advisor.lnk . (…) C:\Users\Glen\AppData\Roaming\Microsoft\Installer{E0EB8881-0CFE-4375-8782-8807D258CD7C}_294823.exe
                  O4 - GS\Desktop [Glen]: Dell DataSafe.lnk . (…) C:\DELL\DataSafe\DataSafe.htm
                  O4 - GS\Desktop [Glen]: My DocsToGo.lnk . (…) C:\Users\Glen\Documents\My DocsToGo
                  O4 - GS\Desktop [Glen]: Sling.lnk . (…) C:\ProgramData\Sling\Sling.exe
                  O4 - GS\Desktop [Glen]: USB Sharing.lnk . (…) C:\Program Files\USB Sharing\usbshare.exe
                  O4 - GS\Desktop [Glen]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                  O4 - GS\Quicklaunch [Glen]: iTunes (2).lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
                  O4 - GS\Quicklaunch [Glen]: Microsoft Office Excel 2003.lnk . (…) C:\Windows\Installer{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe =>.Microsoft Corporation
                  O4 - GS\Quicklaunch [Glen]: Microsoft Office Word 2003.lnk . (…) C:\Windows\Installer{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe =>.Microsoft Corporation
                  O4 - GS\Quicklaunch [Glen]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                  O4 - GS\Quicklaunch [Glen]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
                  O4 - GS\sendTo [Glen]: Drag-to-Disc Drive (F).lnk . (…) F:\
                  O4 - GS\sendTo [Glen]: Drag-to-Disc Drive (G).lnk . (…) G:\
                  O4 - GS\sendTo [Glen]: InstantBurn CD (F).Lnk . (…) F:\
                  O4 - GS\sendTo [Glen]: InstantBurn CD (G).Lnk . (…) G:\
                  O4 - GS\Programs [Glen]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Glen]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
                  O4 - GS\Programs [Glen]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                  O4 - GS\Programs [Glen]: Windows Vista Upgrade Advisor.lnk . (…) C:\Users\Glen\AppData\Roaming\Microsoft\Installer{E0EB8881-0CFE-4375-8782-8807D258CD7C}_294823.exe
                  O4 - GS\Desktop [Guest]: Dell DataSafe.lnk . (…) C:\DELL\DataSafe\DataSafe.htm
                  O4 - GS\Desktop [Guest]: My DocsToGo.lnk . (…) C:\Users\Glen\Documents\My DocsToGo
                  O4 - GS\Desktop [Guest]: Sling.lnk . (…) C:\ProgramData\Sling\Sling.exe
                  O4 - GS\Desktop [Guest]: USB Sharing.lnk . (…) C:\Program Files\USB Sharing\usbshare.exe
                  O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                  O4 - GS\Quicklaunch [Guest]: iTunes (2).lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
                  O4 - GS\Quicklaunch [Guest]: Microsoft Office Excel 2003.lnk . (…) C:\Windows\Installer{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe =>.Microsoft Corporation
                  O4 - GS\Quicklaunch [Guest]: Microsoft Office Word 2003.lnk . (…) C:\Windows\Installer{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe =>.Microsoft Corporation
                  O4 - GS\Quicklaunch [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                  O4 - GS\Quicklaunch [Guest]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
                  O4 - GS\sendTo [Guest]: Drag-to-Disc Drive (F).lnk . (…) F:\
                  O4 - GS\sendTo [Guest]: Drag-to-Disc Drive (G).lnk . (…) G:\
                  O4 - GS\sendTo [Guest]: InstantBurn CD (F).Lnk . (…) F:\
                  O4 - GS\sendTo [Guest]: InstantBurn CD (G).Lnk . (…) G:\
                  O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Guest]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
                  O4 - GS\Programs [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                  O4 - GS\Programs [Guest]: Windows Vista Upgrade Advisor.lnk . (…) C:\Users\Glen\AppData\Roaming\Microsoft\Installer{E0EB8881-0CFE-4375-8782-8807D258CD7C}_294823.exe
                  O4 - GS\CommonDesktop [Public]: Bitdefender Total Security 2015.lnk . (.Bitdefender - Bitdefender Security Center.) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe =>.Bitdefender SRL®
                  O4 - GS\CommonDesktop [Public]: Documents To Go Desktop for iOS.lnk . (.DataViz, Inc. - Documents To Go Desktop.) C:\Program Files\Documents To Go Desktop\DocsToGoDesktop.exe =>.DataViz, Inc.
                  O4 - GS\CommonDesktop [Public]: Documents To Go Desktop.lnk . (.DataViz, Inc. - Documents To Go Desktop.) C:\Program Files\Documents To Go Desktop\DocsToGoDesktop.exe =>.DataViz, Inc.
                  O4 - GS\CommonDesktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) C:\Windows\twain_32\escndv\escndv.exe =>.SEIKO EPSON CORPORATION®
                  O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Copyright 2017. - ZAM.) C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
                  O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O4 - GS\Programs [Public]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
                  O4 - GS\Programs [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                  O4 - GS\Programs [Public]: Windows Vista Upgrade Advisor.lnk . (…) C:\Users\Glen\AppData\Roaming\Microsoft\Installer{E0EB8881-0CFE-4375-8782-8807D258CD7C}_294823.exe
                  O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\System32\cmd.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\System32\notepad.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
                  O4 - GS\Startup [Public]: APC UPS Status.lnk . (…) C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
                  O4 - GS\Startup [Public]: DataViz Inc Messenger.lnk . (…) C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
                  O4 - GS\Startup [Public]: HotSync Manager.lnk . (…) C:\Program Files\palmOne\Hotsync.exe
                  O4 - GS\Startup [Public]: ImageMixer 3 SE Camera Monitor Ver.3.lnk . (.PIXELA CORPORATION - .) C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe =>.PIXELA CORPORATION
                  O4 - GS\Startup [Public]: USB Sharing.lnk . (…) C:\Program Files\USB Sharing\usbshare.exe
                  O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\System32\calc.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\System32\mblctr.exe /open =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\System32\NetProj.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\System32\mspaint.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\System32\mstsc.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Sidebar.) C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\System32\SoundRecorder.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\Windows\System32\control.exe /name Microsoft.WelcomeCenter =>.Microsoft Corporation
                  O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Backup.lnk . (.Microsoft Corporation - Microsoft® Windows Backup.) C:\Windows\System32\sdclt.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\System32\charmap.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\System32\dfrgui.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\System32\cleanmgr.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: migwiz.lnk . (.Microsoft Corporation - Windows Easy Transfer.) C:\Windows\System32\migwiz\migwiz.exe =>.Microsoft Windows®
                  O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\System32\msinfo32.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\System32\rstrui.exe =>.Microsoft Corporation
                  O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\Windows\System32\taskschd.msc /s =>..Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Acrobat_com.lnk . (…) C:\Program Files\Adobe\Acrobat_com\Acrobat_com.exe
                  O4 - GS\ProgramsCommon [Public]: Adobe Reader X.lnk . (…) C:\Windows\Installer{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico =>.Adobe Inc.
                  O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (…) C:\Windows\Installer{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
                  O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Microsoft Office PowerPoint Viewer 2003.lnk . (.Microsoft Corporation - Microsoft Office PowerPoint Viewer.) C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE =>.Microsoft Corporation®
                  O4 - GS\ProgramsCommon [Public]: Microsoft Works Task Launcher.lnk . (.Microsoft® Corporation - Microsoft® Works.) C:\Program Files\Microsoft Works\MSWorks.exe =>.Microsoft® Corporation
                  O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                  O4 - GS\ProgramsCommon [Public]: Windows Calendar.lnk . (.Microsoft Corporation - Windows Calendar.) C:\Program Files\Windows Calendar\WinCal.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Collaboration.lnk . (.Microsoft Corporation - Windows Meeting Space.) C:\Program Files\Windows Collaboration\WinCollab.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Contacts.lnk . (.Microsoft Corporation - Windows Contacts.) C:\Program Files\Windows Mail\wab.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Defender.lnk . (.Microsoft Corporation - Windows Defender User Interface.) C:\Program Files\Windows Defender\MSASCui.exe =>.Microsoft Windows®
                  O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - Windows DVD Maker.) C:\Program Files\Movie Maker\DVDMaker.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Live ID.lnk . (.Microsoft Corporation - Sign in Options.) C:\Program Files\Common Files\microsoft shared\Windows Live\SIGNINOPTIONS.EXE =>.Microsoft Corporation®
                  O4 - GS\ProgramsCommon [Public]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) C:\Program Files\Movie Maker\MOVIEMK.exe =>.Microsoft Corporation
                  O4 - GS\ProgramsCommon [Public]: Windows Photo Gallery.lnk . (.Microsoft Corporation - Windows Photo Gallery.) C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe =>.Microsoft Corporation

                  —\ Lop.com/Domain Hijackers (4) - 0s
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = frontier.com
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.110.4.175 =>.Private IP
                  O17 - HKLM\System\CCS\Services\Tcpip..{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: DhcpNameServer = 10.110.4.175 =>.Private IP (10.0.0.0 - 10.255.255.255) =>.Private IP
                  O17 - HKLM\System\CCS\Services\Tcpip..{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: DhcpDomain = frontier.com

                  —\ Extra protocols (24) - 1s
                  O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
                  O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                  O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
                  O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
                  O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                  O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll =>.Microsoft Corporation
                  O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) – C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL =>.Microsoft Corporation®
                  O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) – C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL =>.Microsoft Corporation®
                  O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
                  O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
                  O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                  O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                  O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                  O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL =>.Microsoft Corporation®

                  —\ Software installed (101) - 18s
                  O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] – {A80FA752-C491-4ED9-ABF0-4278563160B2} =>.Hewlett-Packard
                  O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM] – {6421F085-1FAA-DE13-D02A-CFB412C522A4} =>.Adobe Systems Incorporated
                  O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM] – com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 =>.Adobe Systems Incorporated
                  O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] – {31B9D218-FED2-4C6C-B19F-7294FFC130B0} =>.Adobe Systems Incorporated
                  O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] – Adobe AIR =>.Adobe Systems Incorporated®
                  O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] – {E2883E8F-472F-4fb0-9522-AC9BF37916A7} =>.NOS Microsystems Ltd.
                  O42 - Logiciel: Adobe Flash Player 24 ActiveX - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
                  O42 - Logiciel: Adobe Flash Player 24 NPAPI - (.Adobe Systems Incorporated.) [HKLM] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
                  O42 - Logiciel: Adobe Reader X (10.1.16) - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-7AD7-1033-7B44-AA1000000001} =>.Adobe Systems Incorporated
                  O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-0804-1033-1959-001824157129} =>.Adobe Systems Incorporated
                  O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] – Akamai =>.Superfluous.AkamaiHD
                  O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM] – {AFA1153A-F547-409B-B837-3A0D6C5A3FEC} =>.Apple Inc.
                  O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] – {A75CA58D-DB9C-4D14-9428-E0C7B0F623DC} =>.Apple Inc.
                  O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] – {FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF} =>.Apple Inc.
                  O42 - Logiciel: AviSynth 2.5 - (.Ben Rudiak-Gold.) [HKLM] – AviSynth
                  O42 - Logiciel: BD/HD Advisor 1.0 - (..) [HKLM] – {2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}
                  O42 - Logiciel: Bitdefender Total Security 2015 - (.Bitdefender.) [HKLM] – Bitdefender =>.Bitdefender SRL®
                  O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] – {79155F2B-9895-49D7-8612-D92580E0DE5B} =>.Apple Inc.
                  O42 - Logiciel: bpd_scan - (.Hewlett-Packard.) [HKLM] – {3D73DC7A-2D1D-45CF-8A67-24873925C716} =>.Hewlett-Packard
                  O42 - Logiciel: Canon RAW Image Task for ZoomBrowser EX - (.Canon Inc..) [HKLM] – RAW Image Task =>.Canon Inc.®
                  O42 - Logiciel: Canon Utilities CameraWindow - (.Canon Inc..) [HKLM] – CameraWindowLauncher =>.Canon Inc.®
                  O42 - Logiciel: Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX - (.Canon Inc..) [HKLM] – CameraWindowDVC6 =>.Canon Inc.®
                  O42 - Logiciel: Canon Utilities MyCamera - (.Canon Inc..) [HKLM] – MyCamera =>.Canon Inc.®
                  O42 - Logiciel: Canon Utilities RemoteCapture Task for ZoomBrowser EX - (.Canon Inc..) [HKLM] – RemoteCaptureTask =>.Canon Inc.®
                  O42 - Logiciel: Canon Utilities ZoomBrowser EX - (.Canon Inc..) [HKLM] – ZoomBrowser EX =>.Canon Inc.®
                  O42 - Logiciel: Canon ZoomBrowser EX Memory Card Utility - (.Canon Inc..) [HKLM] – ZoomBrowser EX Memory Card Utility =>.Canon Inc.®
                  O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM] – {90120000-0020-0409-0000-0000000FF1CE} =>.Microsoft Corporation
                  O42 - Logiciel: CyberLink InstantBurn - (..) [HKLM] – {19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}
                  O42 - Logiciel: Dell DataSafe - (.Dell Inc..) [HKLM] – {DF68383B-A940-4ABD-87FF-1D969F2B938B} =>.Dell Inc.
                  O42 - Logiciel: Dell System Customization Wizard - (.Dell Inc..) [HKLM] – {13BA7B44-B712-4DEE-A7B8-1DD564F37AE5} =>.Dell Inc.
                  O42 - Logiciel: Document Capture Pro - (.Seiko Epson Corporation.) [HKLM] – {C75B4983-D3A7-4D0A-8B1A-7BC4F2044F37} =>.Seiko Epson Corporation
                  O42 - Logiciel: Documents To Go Desktop for iOS - (.DataViz, Inc..) [HKLM] – DTGDesktop =>.DataViz, Inc.
                  O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] – DVD Shrink_is1 =>.DVD Shrink
                  O42 - Logiciel: Epson Event Manager - (.Seiko Epson Corporation.) [HKLM] – {E4631929-CBD3-49A1-9BB7-F36E701F7C34} =>.Seiko Epson Corporation
                  O42 - Logiciel: Epson FAX Utility - (.SEIKO EPSON CORPORATION.) [HKLM] – {0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A} =>.SEIKO EPSON CORPORATION®
                  O42 - Logiciel: Epson PC-FAX Driver - (.Epson/Seico.) [HKLM] – EPSON PC-FAX Driver 2 =>.SEIKO EPSON CORPORATION®
                  O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM] – EPSON Scanner =>.SEIKO EPSON CORPORATION®
                  O42 - Logiciel: EPSON Scan OCR Component - (.SEIKO EPSON Corp..) [HKLM] – {563B99D8-8895-4E3E-AE8D-15BE8C05F1C1} =>.Macrovision Corporation®
                  O42 - Logiciel: EPSON Scan PDF Extensions - (.SEIKO EPSON Corp..) [HKLM] – {F9956472-6E16-4F83-BF9A-F887EF4A45B7} =>.Macrovision Corporation®
                  O42 - Logiciel: EPSON WF-4630 Series Printer Uninstall - (.SEIKO EPSON Corporation.) [HKLM] – EPSON WF-4630 Series =>.SEIKO EPSON CORPORATION®
                  O42 - Logiciel: Epson WF-4630 User’s Guide version 1.0 - (.Epson/Seico.) [HKLM] – UsersGuideEpson WF-4630 User’s Guide_is1 =>.Epson America, Inc.®
                  O42 - Logiciel: EpsonNet Print - (.SEIKO EPSON CORPORATION.) [HKLM] – {3E31400D-274E-4647-916C-2CACC3741799} =>.Seiko Epson Corporation
                  O42 - Logiciel: Hi-Def Suite - (.CyberLink Corporation.) [HKLM] – {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} =>.CyberLink Corporation
                  O42 - Logiciel: HPDiagnosticAlert - (.Microsoft.) [HKLM] – {846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE} =>.Microsoft
                  O42 - Logiciel: ImageMixer 3 SE Ver.3 - (.PIXELA.) [HKLM] – {3A95D49D-0076-4DB7-A91E-0E685DC6D6AD} =>.PIXELA
                  O42 - Logiciel: ImagXpress - (.Nero AG.) [HKLM] – {A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} =>.Nero AG
                  O42 - Logiciel: Intel(R) Matrix Storage Manager - (.Intel Corporation.) [HKLM] – {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} =>.Intel Corporation
                  O42 - Logiciel: Intel(R) PRO Network Connections 12.1.11.0 - (.Intel.) [HKLM] – {777CA40C-0206-4EF6-A0FC-618BF06BF8D0} =>.Intel
                  O42 - Logiciel: Intel(R) PRO Network Connections 12.1.11.0 - (.Intel.) [HKLM] – PROSetDX =>.Intel
                  O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] – {868B9974-4F23-494D-B6BC-4FAB92B2755D} =>.Apple Inc.
                  O42 - Logiciel: Java 8 Update 121 - (.Oracle Corporation.) [HKLM] – {26A24AE4-039D-4CA4-87B4-2F32180121F0} =>.Oracle Corporation
                  O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
                  O42 - Logiciel: Java™ SE Runtime Environment 6 - (.Sun Microsystems, Inc..) [HKLM] – {3248F0A8-6813-11D6-A77B-00B0D0160000} =>.Sun Microsystems, Inc.
                  O42 - Logiciel: LG ODD Auto Firmware Update - (..) [HKLM] – {6179550A-3E7C-499E-BCC9-9E8113E0A285}
                  O42 - Logiciel: MediaFACE II - (..) [HKLM] – {DC1D7AD2-583A-4024-9041-387E8FFA5D8C}
                  O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
                  O42 - Logiciel: Microsoft Windows Vista Upgrade Advisor - (.Microsoft.) [HKLM] – {E0EB8881-0CFE-4375-8782-8807D258CD7C} =>.Microsoft
                  O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] – {6D52C408-B09A-4520-9B18-475B81D393F1} =>.Microsoft Corporation
                  O42 - Logiciel: MobileMe Control Panel - (.Apple Inc..) [HKLM] – {779DECD7-E072-4B56-9B6B-BEB5973EEEB5} =>.Apple Inc.
                  O42 - Logiciel: Mozilla Firefox 50.1.0 (x86 en-US) - (.Mozilla.) [HKLM] – Mozilla Firefox 50.1.0 (x86 en-US) =>.Mozilla Corporation®
                  O42 - Logiciel: MSVCSetup - (.HP.) [HKLM] – {3700194C-C5DD-439A-BE06-A66960CA4C70} =>.HP
                  O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] – {37477865-A3F1-4772-AD43-AAFC6BCFF99F} =>.Microsoft Corporation
                  O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] – {C04E32E0-0416-434D-AFB9-6969D703A9EF} =>.Microsoft Corporation
                  O42 - Logiciel: MSXML 4.0 SP2 (KB941833) - (.Microsoft Corporation.) [HKLM] – {C523D256-313D-4866-B36A-F3DE528246EF} =>.Microsoft Corporation
                  O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] – {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} =>.Microsoft Corporation
                  O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] – {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} =>.Microsoft Corporation
                  O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] – {56C049BE-79E9-4502-BEA7-9754A3E60F9B} =>.Nero AG
                  O42 - Logiciel: NVIDIA 3D Vision Controller Driver - (.NVIDIA Corporation.) [HKLM] – NVIDIA StereoUSB Driver =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA 3D Vision Controller Driver 296.10 - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA 3D Vision Driver 311.06 - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA Control Panel 311.06 - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] – NVIDIA Display Control Panel =>.NVIDIA Corporation®
                  O42 - Logiciel: NVIDIA Graphics Driver 311.06 - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] – {DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA PhysX System Software 9.12.0213 - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] – NVIDIAStereo =>.NVIDIA Corporation®
                  O42 - Logiciel: NVIDIA Update 1.11.3 - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
                  O42 - Logiciel: NVIDIA Update Components - (.NVIDIA Corporation.) [HKLM] – {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update =>.NVIDIA Corporation
                  O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] – {B2544A03-10D0-4E5E-BA69-0362FFC20D18} =>.Microsoft Corporation
                  O42 - Logiciel: Product Documentation Launcher - (.Dell Inc..) [HKLM] – {89CEAE14-DD0F-448E-9554-15781EC9DB24} =>.Dell Inc.
                  O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.
                  O42 - Logiciel: Recover My Files - (.GetData Pty Ltd.) [HKLM] – Recover My Files v5_is1 =>.GetData Pty Ltd
                  O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] – {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} =>.Microsoft Corporation
                  O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] – KB931906 =>.Microsoft Corporation
                  O42 - Logiciel: Sling - (.Echostar.) [HKLM] – {A0C306FE-01A5-4B94-A037-EF5403F8CE41} =>.Echostar
                  O42 - Logiciel: Software Updater - (.SEIKO EPSON CORPORATION.) [HKLM] – {8DBC5A0A-31C4-46C7-B252-6B593EA11A87} =>.Seiko Epson Corporation
                  O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] – {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} =>.Sonic Solutions
                  O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] – {AC76BA86-7AD7-5464-3428-800000000003} =>.Adobe Systems
                  O42 - Logiciel: System Requirements Lab - (.System Requirements Lab.) [HKLM] – SystemRequirementsLab
                  O42 - Logiciel: USB Sharing - (..) [HKLM] – {25BDEE44-A62C-4DCE-9635-2D1646E2B663}
                  O42 - Logiciel: User’s Guides - (..) [HKLM] – {5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}
                  O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] – {02E89EFC-7B07-4D5A-AA03-9EC0902914EE} =>.Check Point Software Technologies LTD
                  O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] – {A040AC77-C1AA-4CC9-8931-9F648AF178F6} =>.Check Point Software Technologies LTD
                  O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] – {F333A33D-125C-32A2-8DCE-5C5D14231E27} =>.Microsoft Corporation
                  O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] – {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 =>.Microsoft Corporation
                  O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] – {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
                  O42 - Logiciel: VTech Download Agent Library - (.VTech.) [HKLM] – {40C4903E-EDFB-4CAE-A611-41FEBA585921} =>.VTech
                  O42 - Logiciel: WinRAR archiver - (.RarLab.) [HKLM] – WinRAR archiver =>.RarLab
                  O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM] – {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.
                  O42 - Logiciel: ZoneAlarm DataLock - (.Check Point Software Technologies Ltd..) [HKLM] – {C03C1C9C-D95F-4D29-A994-967CE049FCC7} =>.Check Point Software Technologies Ltd.

                  —\ HKCU & HKLM Software Keys (191) - 18s
                  HKLM\SOFTWARE<company>
                  HKLM\SOFTWARE\Acudata
                  HKLM\SOFTWARE\Adobe =>.Adobe
                  HKLM\SOFTWARE\AGEIA Technologies =>.AGEIA Technologies
                  HKLM\SOFTWARE\Ahead =>.Ahead
                  HKLM\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                  HKLM\SOFTWARE\Apple Inc. =>.Apple Inc.
                  HKLM\SOFTWARE\ATI Technologies =>.ATI Technologies
                  HKLM\SOFTWARE\Audible =>.Audible.com
                  HKLM\SOFTWARE\AVC3
                  HKLM\SOFTWARE\AVG =>.AVG Software
                  HKLM\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
                  HKLM\SOFTWARE\AviSynth =>.Ben Rudiak-Gold
                  HKLM\SOFTWARE\BAE =>.Dell Inc.
                  HKLM\SOFTWARE\BitDefender =>.Bitdefender
                  HKLM\SOFTWARE\Bitdefender SafeBox =>.Bitdefender
                  HKLM\SOFTWARE\Canon =>.Canon
                  HKLM\SOFTWARE\Canon_Inc_IC =>.Canon Inc.
                  HKLM\SOFTWARE\CDDB =>.Cddb Software
                  HKLM\SOFTWARE\CheckPoint =>.CheckPoint
                  HKLM\SOFTWARE\Citrix =>.Citrix
                  HKLM\SOFTWARE\CyberLink =>.CyberLink Corporation
                  HKLM\SOFTWARE\DataViz
                  HKLM\SOFTWARE\Dell =>.Dell
                  HKLM\SOFTWARE\Dell Computer =>.Dell Inc.
                  HKLM\SOFTWARE\DIOC
                  HKLM\SOFTWARE\DVDFab =>.Fengtao
                  HKLM\SOFTWARE\eFilm Medical
                  HKLM\SOFTWARE\EPSON =>.EPSON
                  HKLM\SOFTWARE\EpsonNet =>.Epson/Seico
                  HKLM\SOFTWARE\Fellowes/NEATO LLC
                  HKLM\SOFTWARE\Garmin =>.Garmin Ltd
                  HKLM\SOFTWARE\GEAR Software =>.GEAR Software
                  HKLM\SOFTWARE\Google =>.Google
                  HKLM\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
                  HKLM\SOFTWARE\IncrediMail =>.IncrediMail
                  HKLM\SOFTWARE\InstallShield =>.InstallShield
                  HKLM\SOFTWARE\Intel =>.Intel
                  HKLM\SOFTWARE\iolo =>.Iolo Technologies
                  HKLM\SOFTWARE\JavaSoft =>.JavaSoft
                  HKLM\SOFTWARE\JreMetrics =>.JreMetrics
                  HKLM\SOFTWARE\KasperskyLab =>.Kaspersky Labs
                  HKLM\SOFTWARE\Khronos =>.Khronos
                  HKLM\SOFTWARE\Lake =>.Lake Sofware
                  HKLM\SOFTWARE\Large Software =>.Large Software
                  HKLM\SOFTWARE\Lavasoft =>.Lavasoft
                  HKLM\SOFTWARE\LeapFrog =>.LeapFrog
                  HKLM\SOFTWARE\LG Electronics =>.LG Electronics
                  HKLM\SOFTWARE\Licenses =>.Microsoft Corporation
                  HKLM\SOFTWARE\LightScribe =>.LightScribe
                  HKLM\SOFTWARE\Macromedia =>.Macromedia
                  HKLM\SOFTWARE\Malwarebytes Anti-Rootkit =>.Malwarebytes
                  HKLM\SOFTWARE\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
                  HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
                  HKLM\SOFTWARE\mcafeeupdater =>.McAfee Inc.
                  HKLM\SOFTWARE\MicroQuill =>.MicroQuill Software
                  HKLM\SOFTWARE\MimarSinan =>.Mimar Sinan
                  HKLM\SOFTWARE\Mozilla =>.Mozilla
                  HKLM\SOFTWARE\mozilla.org =>.mozilla.org
                  HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                  HKLM\SOFTWARE\MyFunCards_5mEI =>PUP.Optional.MyWebSearch
                  HKLM\SOFTWARE\Nero =>.Ahead Corporation
                  HKLM\SOFTWARE\NOS
                  HKLM\SOFTWARE\Nullsoft =>.Nullsoft
                  HKLM\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
                  HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions
                  HKLM\SOFTWARE\PalmSource =>.PalmSource
                  HKLM\SOFTWARE\PCTools
                  HKLM\SOFTWARE\Persits Software =>.Persits Software
                  HKLM\SOFTWARE\PIXELA =>.PIXELA
                  HKLM\SOFTWARE\Pocket Soft
                  HKLM\SOFTWARE\PocketSoft
                  HKLM\SOFTWARE\propecfm
                  HKLM\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                  HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
                  HKLM\SOFTWARE\ROBLOX Corporation =>.Roblox Corporation
                  HKLM\SOFTWARE\Roxio =>.Roxio
                  HKLM\SOFTWARE\SEIKO EPSON Corp. =>.SEIKO EPSON CORP.
                  HKLM\SOFTWARE\SEIKO EPSON CORPORATION =>.Seiko Epson Corporation
                  HKLM\SOFTWARE\Sonic =>.Sonic
                  HKLM\SOFTWARE\SRS Labs =>.SRS Labs
                  HKLM\SOFTWARE\Symantec =>.Symantec
                  HKLM\SOFTWARE\SymDebug =>.Symantec Corporation
                  HKLM\SOFTWARE\SystemRequirementsLab =>.System Requirements Lab
                  HKLM\SOFTWARE\Volatile =>.Microsoft Corporation
                  HKLM\SOFTWARE\WholeSecurity =>.WholeSecurity Inc
                  HKLM\SOFTWARE\WIBU-SYSTEMS =>.Wibu-Systems
                  HKLM\SOFTWARE\Windows =>.Microsoft Corporation
                  HKLM\SOFTWARE\Wondershare =>.Wondershare
                  HKLM\SOFTWARE\Wow6432Node =>.Microsoft Corporation
                  HKLM\SOFTWARE\Yahoo =>.Yahoo! Inc.
                  HKLM\SOFTWARE\Your Company Name =>.Your Company Name
                  HKLM\SOFTWARE\Zemana =>.Zemana
                  HKLM\SOFTWARE\ZmnGlobalSDK =>.Zemana Ltd
                  HKCU\SOFTWARE\Adobe =>.Adobe
                  HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
                  HKCU\SOFTWARE\APC
                  HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                  HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
                  HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
                  HKCU\SOFTWARE\ASProtect =>.ASPack Software
                  HKCU\SOFTWARE\AVG =>.AVG Software
                  HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
                  HKCU\SOFTWARE\Bitdefender =>.Bitdefender
                  HKCU\SOFTWARE\Canon =>.Canon
                  HKCU\SOFTWARE\Canon_Inc_IC =>.Canon Inc.
                  HKCU\SOFTWARE\CDDB =>.Cddb Software
                  HKCU\SOFTWARE\CheckPoint =>.CheckPoint
                  HKCU\SOFTWARE\Citrix =>.Citrix
                  HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
                  HKCU\SOFTWARE\DataViz
                  HKCU\SOFTWARE\DatCard
                  HKCU\SOFTWARE\DVD Shrink =>.DVD Shrink
                  HKCU\SOFTWARE\DVDFab =>.Fengtao
                  HKCU\SOFTWARE\Echostar =>.Echostar
                  HKCU\SOFTWARE\EffectMgr =>.Legitimate
                  HKCU\SOFTWARE\eFilm Medical
                  HKCU\SOFTWARE\Epson =>.EPSON
                  HKCU\SOFTWARE\EPSON Software Updater =>.Epson/Seico
                  HKCU\SOFTWARE\ESET =>.ESET
                  HKCU\SOFTWARE\Fellowes/NEATO LLC.
                  HKCU\SOFTWARE\Garmin =>.Garmin Ltd
                  HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
                  HKCU\SOFTWARE\GetData =>.GetData
                  HKCU\SOFTWARE\Google =>.Google
                  HKCU\SOFTWARE\GTek
                  HKCU\SOFTWARE\Haali =>.Haali Media
                  HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
                  HKCU\SOFTWARE\HP =>.HP
                  HKCU\SOFTWARE\I.R.I.S. =>.I.R.I.S.
                  HKCU\SOFTWARE\IM =>Adware.InstallCore
                  HKCU\SOFTWARE\IncrediMail =>.IncrediMail
                  HKCU\SOFTWARE\InstallShield =>.InstallShield
                  HKCU\SOFTWARE\Intel =>.Intel
                  HKCU\SOFTWARE\iolo =>.Iolo Technologies
                  HKCU\SOFTWARE\Iris =>.I.R.I.S.
                  HKCU\SOFTWARE\JavaSoft =>.JavaSoft
                  HKCU\SOFTWARE\keyhole.com
                  HKCU\SOFTWARE\Lake =>.Lake Sofware
                  HKCU\SOFTWARE\Large Software =>.Large Software
                  HKCU\SOFTWARE\Lavasoft =>.Lavasoft
                  HKCU\SOFTWARE\Leadertech =>.Leadertech Systems
                  HKCU\SOFTWARE\Licenses =>.Microsoft Corporation
                  HKCU\SOFTWARE\LightScribe =>.LightScribe
                  HKCU\SOFTWARE\Local AppWizard-Generated Applications =>.ZWCAD
                  HKCU\SOFTWARE\LogMeIn =>.LogMeIn Entreprise
                  HKCU\SOFTWARE\Macromedia =>.Macromedia
                  HKCU\SOFTWARE\McAfee =>.McAfee Inc.
                  HKCU\SOFTWARE\MicroVision =>.MicroVision Developement
                  HKCU\SOFTWARE\MoveNetworks
                  HKCU\SOFTWARE\Mozilla =>.Mozilla
                  HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
                  HKCU\SOFTWARE\NDS
                  HKCU\SOFTWARE\Nero =>.Ahead Corporation
                  HKCU\SOFTWARE\Netscape =>.Netscape
                  HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
                  HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
                  HKCU\SOFTWARE\PCTuneUp =>.NNJ Corporation
                  HKCU\SOFTWARE\PIXELA =>.PIXELA
                  HKCU\SOFTWARE\propecfm
                  HKCU\SOFTWARE\QtProject =>.QtProject
                  HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
                  HKCU\SOFTWARE\Roblox =>.ROBLOX
                  HKCU\SOFTWARE\ROBLOX Corporation =>.Roblox Corporation
                  HKCU\SOFTWARE\Roxio =>.Roxio
                  HKCU\SOFTWARE\Sammsoft
                  HKCU\SOFTWARE\SecureMedia
                  HKCU\SOFTWARE\SEIKO EPSON CORPORATION =>.Seiko Epson Corporation
                  HKCU\SOFTWARE\SlySoft =>.SlySoft
                  HKCU\SOFTWARE\Sonic =>.Sonic
                  HKCU\SOFTWARE\Sonic Solutions =>.Sonic Solutions
                  HKCU\SOFTWARE\SupportSoft =>.SupportSoft
                  HKCU\SOFTWARE\Symantec =>.Symantec
                  HKCU\SOFTWARE\Totem =>.Superfluous.VirtualGirl
                  HKCU\SOFTWARE\Trolltech =>.Trolltech
                  HKCU\SOFTWARE\TuneUp =>.TuneUp
                  HKCU\SOFTWARE\Vso =>.VSO Software
                  HKCU\SOFTWARE\WinRAR =>.WinRAR
                  HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                  HKCU\SOFTWARE\Wondershare =>.Wondershare
                  HKCU\SOFTWARE\WSSE
                  HKCU\SOFTWARE\Zemana =>.Zemana
                  HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
                  HKCU\SOFTWARE\Zone Labs =>.Zone Labs
                  HKCU\SOFTWARE\AppDataLow\Aurigma =>.Aurigma
                  HKCU\SOFTWARE\AppDataLow\ISWVolatile =>.Legitimate
                  HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
                  HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
                  HKCU\SOFTWARE\AppDataLow\Software\Smartbar =>PUP.Optional.QuickShare
                  HKCU\SOFTWARE\AppDataLow\Software\temp
                  HKCU\SOFTWARE\AppDataLow\Software\Yahoo =>.Yahoo! Inc.

                  —\ Contents of the Common Files folders (291) - 13s
                  O43 - CFD: 28/03/2015 - D – C:\Program Files\Adobe =>.Adobe Systems, Incorporated®
                  O43 - CFD: 14/02/2016 - D – C:\Program Files\Apple Software Update =>.Apple Inc.
                  O43 - CFD: 03/10/2010 - D – C:\Program Files\AviSynth 2.5 =>.AviSynth
                  O43 - CFD: 09/08/2007 - D – C:\Program Files\BAE
                  O43 - CFD: 26/01/2017 - D – C:\Program Files\Bitdefender =>.Bitdefender
                  O43 - CFD: 15/10/2011 - D – C:\Program Files\Bonjour =>.Apple Inc.
                  O43 - CFD: 06/09/2008 - D – C:\Program Files\Canon =>.Canon
                  O43 - CFD: 29/11/2010 - [0] D – C:\Program Files\Citrix =>.Citrix
                  O43 - CFD: 26/12/2016 - D – C:\Program Files\CodeMeter =>.Legitimate
                  O43 - CFD: 22/02/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                  O43 - CFD: 26/12/2016 - D – C:\Program Files\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 02/01/2017 - D – C:\Program Files\Dell =>.Dell
                  O43 - CFD: 03/02/2011 - D – C:\Program Files\DIFX =>.Microsoft Corporation
                  O43 - CFD: 16/08/2012 - D – C:\Program Files\Documents To Go Desktop
                  O43 - CFD: 06/10/2010 - D – C:\Program Files\DVD Shrink =>.DVD Shrink
                  O43 - CFD: 12/02/2016 - D – C:\Program Files\epson =>.Epson America, Inc.®
                  O43 - CFD: 12/02/2016 - D – C:\Program Files\EPSON Software =>.Epson/Seico
                  O43 - CFD: 12/02/2016 - D – C:\Program Files\EpsonNet =>.Epson/Seico
                  O43 - CFD: 02/01/2017 - D – C:\Program Files\GetData =>.GetData Pty Ltd®
                  O43 - CFD: 20/06/2014 - D – C:\Program Files\GUM9A6A.tmp =>.Google Inc®
                  O43 - CFD: 12/02/2016 - [0] D – C:\Program Files\Hewlett-Packard =>.Hewlett-Packard
                  O43 - CFD: 12/02/2016 - D – C:\Program Files\HP =>.Hewlett-Packard
                  O43 - CFD: 02/01/2017 - HD – C:\Program Files\InstallShield Installation Information =>.InstallShield Software
                  O43 - CFD: 09/08/2007 - D – C:\Program Files\Intel =>.Intel Corporation
                  O43 - CFD: 14/11/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                  O43 - CFD: 14/02/2016 - D – C:\Program Files\iPod =>.Apple Inc.®
                  O43 - CFD: 14/02/2016 - D – C:\Program Files\iTunes =>.Apple Inc.
                  O43 - CFD: 22/02/2017 - D – C:\Program Files\Java =>.Oracle
                  O43 - CFD: 22/01/2017 - D – C:\Program Files\lg_fwupdate
                  O43 - CFD: 09/10/2007 - D – C:\Program Files\MediaFACE II
                  O43 - CFD: 19/02/2017 - D – C:\Program Files\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - D – C:\Program Files\Microsoft ActiveSync =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - D – C:\Program Files\Microsoft CAPICOM 2.1.0.2 =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
                  O43 - CFD: 28/06/2011 - D – C:\Program Files\Microsoft Office =>.Microsoft Corporation
                  O43 - CFD: 17/10/2016 - D – C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
                  O43 - CFD: 14/10/2009 - D – C:\Program Files\Microsoft Works =>.Microsoft Corporation
                  O43 - CFD: 25/06/2010 - D – C:\Program Files\Microsoft.NET =>.Microsoft Corporation
                  O43 - CFD: 11/08/2010 - D – C:\Program Files\Movie Maker =>.Microsoft Corporation
                  O43 - CFD: 23/02/2017 - D – C:\Program Files\Mozilla Firefox =>.Mozilla
                  O43 - CFD: 22/02/2017 - D – C:\Program Files\Mozilla Maintenance Service =>.Mozilla
                  O43 - CFD: 02/11/2006 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                  O43 - CFD: 10/08/2010 - D – C:\Program Files\MSECache =>.Microsoft Corporation
                  O43 - CFD: 09/08/2007 - [0] D – C:\Program Files\MSXML 4.0 =>.Microsoft Corporation
                  O43 - CFD: 26/12/2016 - D – C:\Program Files\Norton Save and Restore =>.Symantec Corporation
                  O43 - CFD: 27/03/2010 - D – C:\Program Files\NOS =>.Adobe Systems Incorporated®
                  O43 - CFD: 12/04/2013 - D – C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
                  O43 - CFD: 29/05/2011 - D – C:\Program Files\PIXELA =>.PIXELA
                  O43 - CFD: 02/11/2006 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                  O43 - CFD: 01/02/2017 - D – C:\Program Files\Roblox {694E215B8DF6F177F50012FEBD09BDA6} =>.ROBLOX
                  O43 - CFD: 06/09/2011 - D – C:\Program Files\SystemRequirementsLab =>.System Requirements Lab
                  O43 - CFD: 02/11/2006 - [0] D – C:\Program Files\Uninstall Information =>.Microsoft Corporation
                  O43 - CFD: 05/09/2008 - D – C:\Program Files\USB Sharing
                  O43 - CFD: 28/12/2016 - D – C:\Program Files\VDOTool
                  O43 - CFD: 17/09/2009 - D – C:\Program Files\Windows Calendar =>.Microsoft Corporation
                  O43 - CFD: 10/02/2016 - D – C:\Program Files\Windows Collaboration =>.Microsoft Corporation
                  O43 - CFD: 17/09/2009 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
                  O43 - CFD: 20/09/2016 - D – C:\Program Files\Windows Journal =>.Microsoft Corporation
                  O43 - CFD: 09/03/2016 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                  O43 - CFD: 10/06/2015 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                  O43 - CFD: 17/09/2009 - D – C:\Program Files\Windows Photo Gallery =>.Microsoft Corporation
                  O43 - CFD: 17/11/2009 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                  O43 - CFD: 02/03/2012 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                  O43 - CFD: 15/09/2008 - D – C:\Program Files\WinRAR =>.WinRAR
                  O43 - CFD: 22/02/2017 - D – C:\Program Files\Zemana AntiMalware =>.Zemana
                  O43 - CFD: 24/02/2011 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                  O43 - CFD: 02/01/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 =>.AviSynth
                  O43 - CFD: 26/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015 =>.Bitdefender
                  O43 - CFD: 06/09/2008 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities =>.Canon Inc.
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Advisor =>.CyberLink Corporation
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Hi-Def Suite =>.CyberLink Corporation
                  O43 - CFD: 09/08/2007 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell =>.Dell
                  O43 - CFD: 21/11/2011 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe =>.Dell Inc.
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink =>.DVD Shrink
                  O43 - CFD: 13/02/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON =>.EPSON
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software =>.Epson/Seico
                  O43 - CFD: 20/06/2008 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades =>.Legitimate
                  O43 - CFD: 25/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fellowes NEATO MediaFACE II
                  O43 - CFD: 20/06/2008 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter =>.Mike Matsnev
                  O43 - CFD: 09/08/2007 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Matrix Storage Manager
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
                  O43 - CFD: 22/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG ODD Auto Firmware Update
                  O43 - CFD: 02/11/2006 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                  O43 - CFD: 14/07/2010 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
                  O43 - CFD: 02/01/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
                  O43 - CFD: 08/12/2009 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works =>.Microsoft Corporation
                  O43 - CFD: 19/11/2012 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
                  O43 - CFD: 29/05/2011 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA =>.PIXELA
                  O43 - CFD: 02/01/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
                  O43 - CFD: 09/10/2007 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                  O43 - CFD: 22/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
                  O43 - CFD: 14/02/2016 - D – C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 =>.GEAR Software, Inc.
                  O43 - CFD: 27/04/2015 - D – C:\ProgramData\Adobe =>.Adobe
                  O43 - CFD: 15/06/2011 - D – C:\ProgramData\aJ01842PhEhB01842
                  O43 - CFD: 14/02/2016 - D – C:\ProgramData\Apple =>.Apple Inc.
                  O43 - CFD: 15/03/2008 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
                  O43 - CFD: 14/02/2016 - D – C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
                  O43 - CFD: 01/07/2015 - D – C:\ProgramData\bdch =>.Softwin
                  O43 - CFD: 28/03/2015 - D – C:\ProgramData\BDLogging =>.Bitdefender
                  O43 - CFD: 26/01/2017 - D – C:\ProgramData\Bitdefender =>.Bitdefender
                  O43 - CFD: 09/04/2014 - D – C:\ProgramData\CheckPoint =>.CheckPoint
                  O43 - CFD: 01/03/2012 - HD – C:\ProgramData\Common Files =>.Microsoft Corporation
                  O43 - CFD: 16/05/2010 - D – C:\ProgramData\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 07/09/2010 - D – C:\ProgramData\Dell =>.Dell
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
                  O43 - CFD: 01/01/2017 - [0] D – C:\ProgramData\Dumps
                  O43 - CFD: 06/10/2010 - D – C:\ProgramData\DVD Shrink =>.DVD Shrink
                  O43 - CFD: 13/02/2016 - D – C:\ProgramData\EPSON =>.EPSON
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - D – C:\ProgramData\Google =>.Google
                  O43 - CFD: 12/02/2016 - D – C:\ProgramData\HP =>.Hewlett-Packard
                  O43 - CFD: 09/08/2007 - D – C:\ProgramData\InstallShield =>.InstallShield
                  O43 - CFD: 15/09/2008 - D – C:\ProgramData\iolo =>.Iolo Technologies
                  O43 - CFD: 13/03/2010 - D – C:\ProgramData\Kaspersky SDK =>.Kaspersky Labs
                  O43 - CFD: 03/02/2011 - D – C:\ProgramData\Leapfrog =>.LeapFrog
                  O43 - CFD: 12/08/2007 - D – C:\ProgramData\MailFrontier
                  O43 - CFD: 22/02/2017 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
                  O43 - CFD: 22/02/2017 - [0] D – C:\ProgramData\Malwarebytes’ Anti-Malware (portable) =>.Malwarebytes
                  O43 - CFD: 18/03/2011 - D – C:\ProgramData\McAfee =>.McAfee
                  O43 - CFD: 17/07/2015 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 28/06/2014 - D – C:\ProgramData\Mozilla =>.Mozilla Corporation
                  O43 - CFD: 03/05/2009 - D – C:\ProgramData\MSScanAppDataDir
                  O43 - CFD: 02/10/2010 - D – C:\ProgramData\Nero =>.Ahead Corporation
                  O43 - CFD: 24/02/2008 - D – C:\ProgramData\NETGEAR XE102 Powerline Encryption Utility =>.Netgear Inc
                  O43 - CFD: 26/12/2016 - D – C:\ProgramData\Norton =>.Symantec Corporation
                  O43 - CFD: 27/03/2010 - D – C:\ProgramData\NOS
                  O43 - CFD: 23/02/2017 - D – C:\ProgramData\NVIDIA =>.nVidia Corporation
                  O43 - CFD: 06/09/2011 - D – C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
                  O43 - CFD: 03/10/2009 - D – C:\ProgramData\Office Genuine Advantage =>.Microsoft Corporation
                  O43 - CFD: 21/01/2017 - D – C:\ProgramData\Oracle =>.Oracle
                  O43 - CFD: 11/03/2010 - D – C:\ProgramData\PIXELA =>.PIXELA
                  O43 - CFD: 01/02/2017 - D – C:\ProgramData\Roblox =>.ROBLOX
                  O43 - CFD: 16/05/2010 - D – C:\ProgramData\Roxio =>.Roxio
                  O43 - CFD: 22/02/2017 - D – C:\ProgramData\Sling
                  O43 - CFD: 03/10/2010 - D – C:\ProgramData\SlySoft =>.SlySoft
                  O43 - CFD: 09/08/2007 - D – C:\ProgramData\Sonic =>.Sonic
                  O43 - CFD: 03/05/2009 - D – C:\ProgramData\SSScanAppDataDir =>.Nuance Communications
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                  O43 - CFD: 03/10/2010 - D – C:\ProgramData\Sun =>.Oracle
                  O43 - CFD: 26/12/2016 - [0] AD – C:\ProgramData\TEMP =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                  O43 - CFD: 03/10/2010 - D – C:\ProgramData\vsosdk =>.VSO Software
                  O43 - CFD: 04/03/2010 - D – C:\ProgramData\WEBREG =>.Hewlett-Packard
                  O43 - CFD: 19/09/2008 - D – C:\ProgramData\WindowsSearch =>.Microsoft Corporation
                  O43 - CFD: 29/04/2008 - D – C:\ProgramData\WLInstaller =>.Microsoft Corporation
                  O43 - CFD: 16/05/2010 - D – C:\ProgramData\Yahoo! =>.Yahoo!
                  O43 - CFD: 06/09/2008 - [0] D – C:\ProgramData\ZoomBrowser =>.Canon Inc.
                  O43 - CFD: 13/03/2009 - D – C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
                  O43 - CFD: 01/04/2010 - D – C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} =>.Apple Inc.
                  O43 - CFD: 12/09/2009 - D – C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                  O43 - CFD: 08/04/2009 - D – C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                  O43 - CFD: 16/10/2015 - D – C:\Program Files\Common Files\Adobe =>.Adobe
                  O43 - CFD: 20/07/2015 - D – C:\Program Files\Common Files\Adobe AIR =>.Adobe Inc.
                  O43 - CFD: 14/02/2016 - D – C:\Program Files\Common Files\Apple =>.Apple Inc.
                  O43 - CFD: 26/01/2017 - D – C:\Program Files\Common Files\Bitdefender =>.Bitdefender
                  O43 - CFD: 06/09/2008 - D – C:\Program Files\Common Files\Canon =>.Canon
                  O43 - CFD: 21/12/2008 - D – C:\Program Files\Common Files\DataViz
                  O43 - CFD: 11/08/2007 - D – C:\Program Files\Common Files\DESIGNER =>.Designer
                  O43 - CFD: 12/02/2016 - D – C:\Program Files\Common Files\EPSON =>.EPSON
                  O43 - CFD: 04/03/2010 - D – C:\Program Files\Common Files\Hewlett-Packard =>.Hewlett-Packard
                  O43 - CFD: 16/02/2008 - D – C:\Program Files\Common Files\InstallShield =>.InstallShield
                  O43 - CFD: 21/01/2017 - D – C:\Program Files\Common Files\Java =>.Oracle
                  O43 - CFD: 16/07/2015 - D – C:\Program Files\Common Files\microsoft shared =>.Microsoft Corporation
                  O43 - CFD: 16/05/2010 - D – C:\Program Files\Common Files\Roxio Shared =>.Roxio
                  O43 - CFD: 02/11/2006 - D – C:\Program Files\Common Files\Services =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - D – C:\Program Files\Common Files\SpeechEngines =>.Microsoft Corporation
                  O43 - CFD: 22/02/2017 - D – C:\Program Files\Common Files\Symantec Shared =>.Symantec Corporation
                  O43 - CFD: 09/03/2016 - D – C:\Program Files\Common Files\System =>.Microsoft Corporation
                  O43 - CFD: 11/10/2014 - D – C:\Program Files\Common Files\Wondershare =>.Wondershare
                  O43 - CFD: 28/03/2015 - D – C:\Users\Glen\AppData\Roaming\Adobe =>.Adobe
                  O43 - CFD: 24/08/2007 - [0] D – C:\Users\Glen\AppData\Roaming\AdobeUM =>.Adobe Inc.
                  O43 - CFD: 19/10/2011 - D – C:\Users\Glen\AppData\Roaming\Apple Computer =>.Apple Inc.
                  O43 - CFD: 03/10/2010 - D – C:\Users\Glen\AppData\Roaming\Arcsoft =>.ArcSoft
                  O43 - CFD: 26/01/2017 - D – C:\Users\Glen\AppData\Roaming\Bitdefender =>.Bitdefender
                  O43 - CFD: 09/04/2014 - D – C:\Users\Glen\AppData\Roaming\CheckPoint =>.CheckPoint
                  O43 - CFD: 20/07/2015 - D – C:\Users\Glen\AppData\Roaming\com.radioio.ioDesktop
                  O43 - CFD: 01/02/2011 - D – C:\Users\Glen\AppData\Roaming\com.radioio.ioDesktop.CB8A51FDBDF8B5F2BC25A3DD7F59CC4ED6D8CF65.1
                  O43 - CFD: 20/01/2009 - D – C:\Users\Glen\AppData\Roaming\CyberLink =>.CyberLink Corporation
                  O43 - CFD: 15/06/2014 - D – C:\Users\Glen\AppData\Roaming\DocumentsToGoDesktop
                  O43 - CFD: 13/02/2016 - D – C:\Users\Glen\AppData\Roaming\Epson =>.EPSON
                  O43 - CFD: 05/11/2011 - D – C:\Users\Glen\AppData\Roaming\Garmin =>.Garmin Ltd
                  O43 - CFD: 22/02/2017 - D – C:\Users\Glen\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
                  O43 - CFD: 11/08/2007 - [0] D – C:\Users\Glen\AppData\Roaming\Google =>.Google
                  O43 - CFD: 21/12/2008 - D – C:\Users\Glen\AppData\Roaming\HotSync
                  O43 - CFD: 16/07/2015 - D – C:\Users\Glen\AppData\Roaming\HP =>.Hewlett-Packard
                  O43 - CFD: 30/08/2015 - D – C:\Users\Glen\AppData\Roaming\HpUpdate =>.Hewlett-Packard
                  O43 - CFD: 11/10/2014 - D – C:\Users\Glen\AppData\Roaming\HYXDevPsnList
                  O43 - CFD: 11/08/2007 - D – C:\Users\Glen\AppData\Roaming\Identities =>.Microsoft Corporation
                  O43 - CFD: 12/02/2016 - D – C:\Users\Glen\AppData\Roaming\InstallShield =>.InstallShield
                  O43 - CFD: 15/09/2008 - D – C:\Users\Glen\AppData\Roaming\iolo =>.Iolo Technologies
                  O43 - CFD: 18/07/2008 - D – C:\Users\Glen\AppData\Roaming\Leadertech =>.Leadertech Systems
                  O43 - CFD: 11/08/2007 - D – C:\Users\Glen\AppData\Roaming\Macromedia =>.Macromedia
                  O43 - CFD: 27/06/2011 - D – C:\Users\Glen\AppData\Roaming\MailFrontier
                  O43 - CFD: 02/11/2006 - [0] D – C:\Users\Glen\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
                  O43 - CFD: 31/12/2014 - SD – C:\Users\Glen\AppData\Roaming\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 28/06/2014 - D – C:\Users\Glen\AppData\Roaming\Mozilla =>.Mozilla Corporation
                  O43 - CFD: 22/06/2011 - D – C:\Users\Glen\AppData\Roaming\Nero =>.Ahead Corporation
                  O43 - CFD: 22/02/2017 - D – C:\Users\Glen\AppData\Roaming\NVIDIA =>.nVidia Corporation
                  O43 - CFD: 28/03/2015 - [0] D – C:\Users\Glen\AppData\Roaming\QuickScan =>.Bitdefender
                  O43 - CFD: 13/08/2007 - D – C:\Users\Glen\AppData\Roaming\Roxio =>.Roxio
                  O43 - CFD: 22/02/2017 - [0] D – C:\Users\Glen\AppData\Roaming\SecureMedia
                  O43 - CFD: 26/12/2016 - D – C:\Users\Glen\AppData\Roaming\Sun =>.Oracle
                  O43 - CFD: 06/02/2008 - D – C:\Users\Glen\AppData\Roaming\Template =>.Microsoft Corporation
                  O43 - CFD: 20/10/2010 - [0] D – C:\Users\Glen\AppData\Roaming\Vso =>.VSO Software
                  O43 - CFD: 09/10/2007 - [0] D – C:\Users\Glen\AppData\Roaming\WinRAR =>.WinRAR
                  O43 - CFD: 22/02/2017 - [0] D – C:\Users\Glen\AppData\Roaming\Yahoo! =>.Yahoo!
                  O43 - CFD: 23/02/2017 - D – C:\Users\Glen\AppData\Roaming\ZHP =>.Nicolas Coolman
                  O43 - CFD: 22/09/2008 - [0] D – C:\Users\Glen\AppData\Roaming\ZoomBrowser EX =>.Canon Inc.
                  O43 - CFD: 09/01/2017 - D – C:\Users\Glen\AppData\Local\0303933
                  O43 - CFD: 22/02/2017 - D – C:\Users\Glen\AppData\Local\1e17e
                  O43 - CFD: 20/07/2015 - D – C:\Users\Glen\AppData\Local\Adobe =>.Adobe
                  O43 - CFD: 24/01/2017 - D – C:\Users\Glen\AppData\Local\Akamai =>.Superfluous.AkamaiHD
                  O43 - CFD: 31/08/2007 - D – C:\Users\Glen\AppData\Local\Apple =>.Apple Inc.
                  O43 - CFD: 21/03/2010 - D – C:\Users\Glen\AppData\Local\Apple Computer =>.Apple Inc.
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Glen\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 21/01/2017 - D – C:\Users\Glen\AppData\Local\CEF =>.CEF
                  O43 - CFD: 21/02/2017 - D – C:\Users\Glen\AppData\Local\CrashDumps =>.Microsoft Corporation
                  O43 - CFD: 13/10/2016 - D – C:\Users\Glen\AppData\Local\Google =>.Google
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Glen\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 04/03/2010 - D – C:\Users\Glen\AppData\Local\HP =>.Hewlett-Packard
                  O43 - CFD: 28/06/2014 - D – C:\Users\Glen\AppData\Local\Macromedia =>.Macromedia
                  O43 - CFD: 02/01/2017 - D – C:\Users\Glen\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 26/12/2016 - D – C:\Users\Glen\AppData\Local\Microsoft Corporation =>.Microsoft Corporation
                  O43 - CFD: 03/09/2007 - D – C:\Users\Glen\AppData\Local\Microsoft Games =>.Microsoft Corporation
                  O43 - CFD: 09/10/2007 - D – C:\Users\Glen\AppData\Local\MicroVision Applications =>.MicroVision
                  O43 - CFD: 11/08/2007 - D – C:\Users\Glen\AppData\Local\MigWiz =>.MigWiz
                  O43 - CFD: 28/06/2014 - D – C:\Users\Glen\AppData\Local\Mozilla =>.Mozilla Corporation
                  O43 - CFD: 21/06/2011 - D – C:\Users\Glen\AppData\Local\Nero =>.Ahead Corporation
                  O43 - CFD: 21/06/2011 - D – C:\Users\Glen\AppData\Local\Nero_AG =>.Ahead
                  O43 - CFD: 26/12/2016 - D – C:\Users\Glen\AppData\Local\NPE =>.NPE
                  O43 - CFD: 02/02/2017 - D – C:\Users\Glen\AppData\Local\Roblox =>.ROBLOX
                  O43 - CFD: 20/01/2009 - D – C:\Users\Glen\AppData\Local\Roxio =>.Roxio
                  O43 - CFD: 22/02/2017 - D – C:\Users\Glen\AppData\Local\Sling_cache
                  O43 - CFD: 22/09/2010 - D – C:\Users\Glen\AppData\Local\Sunbelt Software =>.Sunbelt Software
                  O43 - CFD: 21/11/2011 - [0] D – C:\Users\Glen\AppData\Local\SupportSoft =>.SupportSoft
                  O43 - CFD: 11/08/2007 - D – C:\Users\Glen\AppData\Local\Symantec_Corporation =>.Symantec
                  O43 - CFD: 23/02/2017 - D – C:\Users\Glen\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Glen\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 12/08/2007 - D – C:\Users\Glen\AppData\Local\The Weather Channel
                  O43 - CFD: 04/04/2010 - D – C:\Users\Glen\AppData\Local\Threat Expert =>.Threat Expert
                  O43 - CFD: 18/07/2008 - D – C:\Users\Glen\AppData\Local\VirtualStore =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - D – C:\Users\Glen\AppData\Local\WindowsUpdate =>.Microsoft Corporation
                  O43 - CFD: 11/10/2014 - D – C:\Users\Glen\AppData\Local\Wondershare =>.Wondershare
                  O43 - CFD: 22/02/2017 - D – C:\Users\Glen\AppData\Local\Zemana =>.Zemana
                  O43 - CFD: 02/11/2006 - RD – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - RD – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                  O43 - CFD: 03/10/2010 - [0] D – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 =>.AviSynth
                  O43 - CFD: 02/11/2006 - RD – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                  O43 - CFD: 26/12/2016 - D – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v5 =>.GetData
                  O43 - CFD: 22/02/2017 - D – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling
                  O43 - CFD: 12/10/2008 - RD – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                  O43 - CFD: 09/10/2007 - D – C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 02/11/2006 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 11/08/2007 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 18/07/2008 - [0] SHD – C:\Windows\System32\Config\systemprofile\AppData\Local\Application Data =>.Microsoft Corporation
                  O43 - CFD: 27/01/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
                  O43 - CFD: 27/01/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog =>.AVG Software
                  O43 - CFD: 01/07/2015 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\bdch =>.Softwin
                  O43 - CFD: 20/01/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
                  O43 - CFD: 25/04/2011 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Google =>.Google
                  O43 - CFD: 18/07/2008 - [0] SHD – C:\Windows\System32\Config\systemprofile\AppData\Local\History =>.Microsoft Corporation
                  O43 - CFD: 16/05/2010 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\ICS =>.ICS
                  O43 - CFD: 16/07/2015 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 15/05/2010 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Sunbelt Software =>.Sunbelt Software
                  O43 - CFD: 27/12/2009 - [0] D – C:\Windows\System32\Config\systemprofile\AppData\Local\Temp =>.Microsoft Corporation
                  O43 - CFD: 18/07/2008 - [0] SHD – C:\Windows\System32\Config\systemprofile\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                  O43 - CFD: 22/02/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
                  O43 - CFD: 05/07/2010 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Apple Computer =>.Apple Inc.
                  O43 - CFD: 27/01/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Bitdefender =>.Bitdefender
                  O43 - CFD: 15/09/2008 - [0] D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\iolo =>.Iolo Technologies
                  O43 - CFD: 13/08/2012 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee =>.McAfee
                  O43 - CFD: 16/07/2015 - SD – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
                  O43 - CFD: 28/03/2015 - [0] D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\QuickScan =>.Bitdefender
                  O43 - CFD: 09/10/2007 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Roxio =>.Roxio
                  O43 - CFD: 18/07/2008 - RD – C:\Windows\System32\Config\systemprofile\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                  O43 - CFD: 18/07/2008 - RD – C:\Windows\System32\Config\systemprofile\Start Menu\Programs\Startup =>.Microsoft Corporation

                  —\ ShellIconOverlayIdentifiers (SIOI) (1) - 0s
                  O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation

                  —\ System Drivers List (93) - 87s
                  O58 - SDL:2006/11/02 04:51:38 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\Windows\System32\drivers\adp94xx.sys [420968] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:51:32 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\Windows\System32\drivers\adpahci.sys [297576] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:35 A . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) – C:\Windows\System32\drivers\adpu160m.sys [98408] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:51:00 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) – C:\Windows\System32\drivers\adpu320.sys [147048] =>.Microsoft Windows®
                  O58 - SDL:2007/08/09 23:49:14 N . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\Windows\System32\drivers\aliide.sys [17592] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:09 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\Windows\System32\drivers\arc.sys [67688] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:10 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\Windows\System32\drivers\arcsas.sys [67688] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 02:36:43 A . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) – C:\Windows\System32\drivers\atikmdag.sys [2028032] =>.ATI Technologies Inc.
                  O58 - SDL:2017/01/26 09:47:55 A . (.BitDefender - Active Virus Control filter driver.) – C:\Windows\System32\drivers\avc3.sys [1258376] =>.Bitdefender SRL®
                  O58 - SDL:2015/05/29 09:50:59 A . (.BitDefender - BitDefender AntiVirus Active Virus Control.) – C:\Windows\System32\drivers\avchv.sys [252184] =>.Bitdefender SRL®
                  O58 - SDL:2017/01/26 09:47:54 A . (.BitDefender - Active Virus Control Kernel Filtering drive.) – C:\Windows\System32\drivers\avckf.sys [696632] =>.Bitdefender SRL®
                  O58 - SDL:2014/12/15 17:56:44 A . (.BitDefender LLC - BitDefender Firewall NDIS6 Filter Driver.) – C:\Windows\System32\drivers\BdfNdisf6.sys [77632] =>.Bitdefender SRL®
                  O58 - SDL:2015/01/09 11:58:54 A . (.BitDefender SRL - BitDefender SandBox Filter Driver.) – C:\Windows\System32\drivers\bdsandbox.sys [66832] =>.Bitdefender SRL®
                  O58 - SDL:2012/04/17 14:40:22 A . (.BitDefender - FileVault Disk Driver.) – C:\Windows\System32\drivers\bdvedisk.sys [72704] =>.BitDefender SRL®
                  O58 - SDL:2006/11/02 03:24:45 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\Windows\System32\drivers\BrFiltLo.sys [13568] =>.Brother Industries, Ltd.
                  O58 - SDL:2006/11/02 03:24:46 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\Windows\System32\drivers\BrFiltUp.sys [5248] =>.Brother Industries, Ltd.
                  O58 - SDL:2006/11/02 03:25:24 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\Windows\System32\drivers\BrSerId.sys [71808] =>.Brother Industries Ltd.
                  O58 - SDL:2006/11/02 03:24:44 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\Windows\System32\drivers\BrSerWdm.sys [62336] =>.Brother Industries Ltd.
                  O58 - SDL:2006/11/02 03:24:44 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\Windows\System32\drivers\BrUsbMdm.sys [12160] =>.Brother Industries Ltd.
                  O58 - SDL:2006/11/02 03:24:47 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\Windows\System32\drivers\BrUsbSer.sys [11904] =>.Brother Industries Ltd.
                  O58 - SDL:2007/06/04 17:25:14 N . (.Cyberlink Co.,Ltd. - Cyberlink Storage Helper Driver (WindowsNT5.) – C:\Windows\System32\drivers\CLBStor.sys [16048] =>.CyberLink®
                  O58 - SDL:2007/06/04 17:25:12 N . (.CyberLink Corporation. - UDF File System Driver.) – C:\Windows\System32\drivers\CLBUDF.sys [162096] =>.CyberLink®
                  O58 - SDL:2007/08/09 23:49:14 N . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\Windows\System32\drivers\cmdide.sys [19128] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:11 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) – C:\Windows\System32\drivers\djsvs.sys [71272] =>.Microsoft Windows®
                  O58 - SDL:2007/04/29 03:42:24 A . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserializ.) – C:\Windows\System32\drivers\e1e6032.sys [228224] =>.Intel Corporation®
                  O58 - SDL:2006/11/02 02:30:54 A . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserializ.) – C:\Windows\System32\drivers\E1G60I32.sys [117760] =>.Intel Corporation
                  O58 - SDL:2007/09/20 13:12:34 A . (.EldoS Corporation - RawDisk Driver. Allows write-access to raw.) – C:\Windows\System32\drivers\elrawdsk.sys [12800] =>.EldoS Corporation
                  O58 - SDL:2006/11/02 04:51:34 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\Windows\System32\drivers\elxstor.sys [316520] =>.Microsoft Windows®
                  O58 - SDL:2008/04/01 13:33:16 A . (.LeapFrog - FLY Fusion USB Driver.) – C:\Windows\System32\drivers\FlyUsb.sys [19456] =>.LeapFrog
                  O58 - SDL:2012/08/21 12:01:22 A . (.GEAR Software Inc. - CD DVD Filter.) – C:\Windows\System32\drivers\GEARAspiWDM.sys [26840] =>.GEAR Software Inc.®
                  O58 - SDL:2009/04/17 14:48:14 A . (.GARMIN Corp. - Generic WDM Support Driver.) – C:\Windows\System32\drivers\grmngen.sys [18304] =>.GARMIN Corp.
                  O58 - SDL:2009/04/17 14:48:14 A . (.GARMIN Corp. - grmnusb.sys.) – C:\Windows\System32\drivers\grmnusb.sys [9344] =>.GARMIN Corp.
                  O58 - SDL:2015/04/29 13:31:46 A . (.BitDefender LLC - BitDefender Gonzales FileSystem Driver.) – C:\Windows\System32\drivers\gzflt.sys [173832] =>.Bitdefender SRL®
                  O58 - SDL:2006/11/02 04:50:10 A . (.Hewlett-Packard Company - Smart Array Storport Driver.) – C:\Windows\System32\drivers\HpCISSs.sys [37480] =>.Microsoft Windows®
                  O58 - SDL:2007/04/26 05:41:38 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) – C:\Windows\System32\drivers\iaStor.sys [304920] =>.Intel Corporation®
                  O58 - SDL:2006/11/02 04:51:25 A . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) – C:\Windows\System32\drivers\iaStorV.sys [232040] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:17 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\Windows\System32\drivers\iirsp.sys [41576] =>.Microsoft Windows®
                  O58 - SDL:2007/03/09 16:04:42 A . (.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) – C:\Windows\System32\drivers\iqvw32.sys [31072] =>.Intel Corporation®
                  O58 - SDL:2006/11/02 04:50:07 A . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) – C:\Windows\System32\drivers\iteatapi.sys [35944] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:09 A . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) – C:\Windows\System32\drivers\iteraid.sys [35944] =>.Microsoft Windows®
                  O58 - SDL:2013/10/08 05:47:52 A . (.Kaspersky Lab ZAO - Filter Core [fre_wlh_x86_sdk].) – C:\Windows\System32\drivers\klflt.sys [74848] =>.Kaspersky Lab®
                  O58 - SDL:2006/11/02 04:50:04 A . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) – C:\Windows\System32\drivers\lsi_fc.sys [65640] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:05 A . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas.sys [65640] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:10 A . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) – C:\Windows\System32\drivers\lsi_scsi.sys [65640] =>.Microsoft Windows®
                  O58 - SDL:2017/02/22 21:26:50 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) – C:\Windows\System32\drivers\mbamchameleon.sys [94936] =>.Malwarebytes Corporation®
                  O58 - SDL:2017/02/22 21:27:35 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200] =>.Malwarebytes Corporation®
                  O58 - SDL:2006/11/02 04:49:53 A . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\Windows\System32\drivers\megasas.sys [28776] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:49:59 A . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows.) – C:\Windows\System32\drivers\Mraid35x.sys [33384] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:19 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\Windows\System32\drivers\nfrd960.sys [45160] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 02:36:50 A . (.N-trig Innovative Technologies - N-trig tablet digitizer in-box driver.) – C:\Windows\System32\drivers\ntrigdigi.sys [20608] =>.N-trig Innovative Technologies
                  O58 - SDL:2013/02/25 23:22:06 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) – C:\Windows\System32\drivers\nvlddmkm.sys [8939296] =>.NVIDIA Corporation®
                  O58 - SDL:2006/11/02 04:50:24 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\Windows\System32\drivers\nvraid.sys [88680] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:13 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\Windows\System32\drivers\nvstor.sys [40040] =>.Microsoft Windows®
                  O58 - SDL:2007/12/04 16:10:30 A . (.PalmSource, Inc. - USB Driver for Palm OS Handheld Devices.) – C:\Windows\System32\drivers\PalmUSBD.sys [16640] =>.PalmSource, Inc.
                  O58 - SDL:2010/10/03 00:30:53 A . (.VSO Software - low level access layer for CD/DVD/BD device.) – C:\Windows\System32\drivers\pcouffin.sys [47360] =>.VSO Software
                  O58 - SDL:2007/03/07 18:51:00 N . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) – C:\Windows\System32\drivers\pxhelp20.sys [43528] =>.Sonic Solutions®
                  O58 - SDL:2006/11/02 04:51:45 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\Windows\System32\drivers\ql2300.sys [900712] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:35 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\Windows\System32\drivers\ql40xx.sys [106088] =>.Microsoft Windows®
                  O58 - SDL:2008/01/24 10:06:40 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\Windows\System32\drivers\RTKVHDA.sys [2054872] =>.Realtek Semiconductor Corp®
                  O58 - SDL:2011/06/30 10:59:47 A . (.Sunbelt Software - Anti-Rootkit Engine.) – C:\Windows\System32\drivers\SBREDrv.sys [101720] =>.Sunbelt Software, Inc.®
                  O58 - SDL:2006/11/02 01:37:21 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\Windows\System32\drivers\secdrv.sys [20480] =>.Macrovision Corporation, Macrovision Europe Limited,
                  O58 - SDL:2006/11/02 04:50:10 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\Windows\System32\drivers\sisraid2.sys [38504] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:16 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\Windows\System32\drivers\sisraid4.sys [71784] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:05 A . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) – C:\Windows\System32\drivers\symc8xx.sys [35944] =>.Microsoft Windows®
                  O58 - SDL:2007/02/13 17:33:06 A . (.StorageCraft - StorageCraft Volume Snap-Shot.) – C:\Windows\System32\drivers\symsnap.sys [131944] =>.Symantec Corporation®
                  O58 - SDL:2006/11/02 04:49:56 A . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) – C:\Windows\System32\drivers\sym_hi.sys [31848] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:03 A . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) – C:\Windows\System32\drivers\sym_u3.sys [34920] =>.Microsoft Windows®
                  O58 - SDL:2017/02/18 21:20:24 A . (.BitDefender S.R.L. - Trufos Kernel Module.) – C:\Windows\System32\drivers\trufos.sys [422664] =>.Bitdefender SRL®
                  O58 - SDL:2006/11/02 04:51:25 A . (.ULi Electronics Inc. - ULi SATA Controller Driver.) – C:\Windows\System32\drivers\uliahci.sys [235112] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:35 A . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win200.) – C:\Windows\System32\drivers\ulsata.sys [98408] =>.Microsoft Windows®
                  O58 - SDL:2006/11/02 04:50:45 A . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) – C:\Windows\System32\drivers\ulsata2.sys [115816] =>.Microsoft Windows®
                  O58 - SDL:2015/06/17 17:04:22 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\Windows\System32\drivers\usbaapl.sys [45056] =>.Apple, Inc.
                  O58 - SDL:2007/02/13 17:33:04 A . (.Symantec Corporation - V2iMount.sys - Image Mounting Device Driver.) – C:\Windows\System32\drivers\v2imount.sys [37864] =>.Symantec Corporation®
                  O58 - SDL:2007/08/09 23:49:14 N . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\Windows\System32\drivers\viaide.sys [20152] =>.Microsoft Windows®
                  O58 - SDL:2007/06/27 17:31:26 A . (.Symantec Corporation - VProEventMonitor.Sys - Event Monitoring dri.) – C:\Windows\System32\drivers\vproeventmonitor.sys [14072] =>.Symantec Corporation®
                  O58 - SDL:2006/11/02 04:50:41 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) – C:\Windows\System32\drivers\vsmraid.sys [112232] =>.Microsoft Windows®
                  O58 - SDL:2017/02/22 19:19:38 A . (.Zemana Ltd. - ZAM.) – C:\Windows\System32\drivers\zam32.sys [181496] =>.Zemana Ltd.®
                  O58 - SDL:2017/02/22 19:19:37 A . (.Zemana Ltd. - ZAM.) – C:\Windows\System32\drivers\zamguard32.sys [181496] =>.Zemana Ltd.®
                  O58 - SDL:2006/11/02 02:09:42 A . (…) – C:\Windows\System32\ANSI.SYS [9029] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:45 A . (…) – C:\Windows\System32\country.sys [27097] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:41 A . (…) – C:\Windows\System32\HIMEM.SYS [4768] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:44 A . (…) – C:\Windows\System32\KEY01.SYS [42809] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:44 A . (…) – C:\Windows\System32\KEYBOARD.SYS [42537] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:29 A . (…) – C:\Windows\System32\NTDOS.SYS [27866] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:35 A . (…) – C:\Windows\System32\NTDOS404.SYS [29146] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:38 A . (…) – C:\Windows\System32\NTDOS411.SYS [29370] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:40 A . (…) – C:\Windows\System32\NTDOS412.SYS [29274] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:31 A . (…) – C:\Windows\System32\NTDOS804.SYS [29146] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:20 A . (…) – C:\Windows\System32\NTIO.SYS [33952] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:23 A . (…) – C:\Windows\System32\NTIO404.SYS [34672] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:24 A . (…) – C:\Windows\System32\NTIO411.SYS [35776] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:26 A . (…) – C:\Windows\System32\NTIO412.SYS [35536] =>.Microsoft Corporation
                  O58 - SDL:2006/11/02 02:09:22 A . (…) – C:\Windows\System32\NTIO804.SYS [34672] =>.Microsoft Corporation

                  —\ Last modified or created user files (2) - 37s
                  O61 - LFC: 2017/02/19 21:44:27 RA . (..) – C:\Users\Glen\AppData\Roaming\Microsoft\Installer{E0EB8881-0CFE-4375-8782-8807D258CD7C}_18be6784.exe [25214]
                  O61 - LFC: 2017/02/19 21:44:27 RA . (..) – C:\Users\Glen\AppData\Roaming\Microsoft\Installer{E0EB8881-0CFE-4375-8782-8807D258CD7C}_294823.exe [25214]

                  —\ File Associations Shell Spawning (11) - 0s
                  O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                  O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                  O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
                  O67 - Shell Spawning: <.html> [HKCU..\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

                  —\ Start Menu Internet (8) - 1s
                  O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                  O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                  O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                  O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                  O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

                  —\ Search Browser Infection (4) - 20s
                  O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
                  O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.
                  O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
                  O69 - SBI: SearchScopes [HKLM] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.

                  —\ Search Svchost Services (31) - 1s
                  O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [24576] =>.Microsoft Corporation
                  O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [62976] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [247808] =>.Microsoft Corporation
                  O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [40448] =>.Microsoft Corporation
                  O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [40448] =>.Microsoft Corporation
                  O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\System32\srvsvc.dll [125952] =>.Microsoft Corporation
                  O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [582144] =>.Microsoft Corporation
                  O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\IKEEXT.DLL [444928] =>.Microsoft Corporation
                  O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\audiosrv.dll [316928] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [90624] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [262144] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [68608] =>.Microsoft Corporation
                  O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [47104] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [288256] =>.Microsoft Corporation
                  O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [242688] =>.Microsoft Corporation
                  O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Terminal Server Remote Connections Manager.) – C:\Windows\System32\termsrv.dll [449536] =>.Microsoft Corporation
                  O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\System32\wuaueng.dll [1933848] =>.Microsoft Windows Component Publisher®
                  O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [758784] =>.Microsoft Corporation
                  O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [247808] =>.Microsoft Corporation
                  O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [200704] =>.Microsoft Corporation
                  O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\System32\seclogon.dll [19968] =>.Microsoft Corporation
                  O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [33280] =>.Microsoft Corporation
                  O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\System32\iscsiexe.dll [111616] =>.Microsoft Corporation
                  O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\System32\mmcss.dll [45056] =>.Microsoft Corporation
                  O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\System32\profsvc.dll [153600] =>.Microsoft Corporation
                  O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [57344] =>.Microsoft Corporation
                  O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\System32\wbem\WMIsvc.dll [162304] =>.Microsoft Corporation
                  O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\System32\schedsvc.dll [602112] =>.Microsoft Corporation
                  O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Terminal Services Configuration service.) – C:\Windows\System32\SessEnv.dll [84992] =>.Microsoft Corporation
                  O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [81920] =>.Microsoft Corporation
                  O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\System32\KMSVC.DLL [68096] =>.Microsoft Corporation

                  —\ Additional Scan (O88) (2) - 0s
                  C:\Users\Glen\AppData\Local\Akamai =>.Superfluous.AkamaiHD
                  C:\Users\Glen\AppData\Roaming\inst.exe =>Heuristic.Suspect

                  —\ Summary of the elements found (6) - 0s
                  https://www.nicolascoolman.com/fr/adware-mywebsearch/ =>PUP.Optional.MyWebSearch
                  Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.AkamaiHD
                  Redirecting... =>Adware.InstallCore
                  https://www.nicolascoolman.com/fr/su...us-virtualgirl =>.Superfluous.VirtualGirl
                  https://www.nicolascoolman.com/fr/pup-quickshare/ =>PUP.Optional.QuickShare
                  Heuristic Suspect, 1 Logiciel Indésirable. - ZAM =>Heuristic.Suspect

                  ~ Unselected Options: O82,
                  ~ End of the scan, 25670 items in 11mn14s (1115)(0)


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    Originally posted by clarkgriswold
                    Ok, here is the report.
                    Ok, while I look over this log, is the malware being detected in the FRST quarantine?
                    Are you having any other issues?

                    System drive C: has 10 GB () free of 171 GB : ATTENTION =>Warning Disk Space

                    I’d suggest that you clean the machine with Privazer, then defrag with SmartDefrag.


                    • clarkgriswold
                      PCHF Member
                      • Feb 2017
                      • 39

                      #11
                      Nothing came up on the last Bitdefender scan. I am running one final scan because sometimes Bitdefender detects it and sometimes it doesn’t.
                      Then I will run the Privazer and defrag.

                      What software would you recommend for a full security suite? I have lost some confidence in Bitdefender, although it’s probably not its fault that I contracted the trojan.
                      Or, would you recommend separate applications for virus and firewall control? I am trying to make sure this machine is clean before I transfer files to a new PC. I then want to have the best

                      One last question… is there any program that can run in the background in addition to the above that could prevent future malware and trojans like this in real time?

                      I will be transferring files from this machine (when deemed clean) to a brand new PC. I want to make sure that I have the best applications available going forward.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        Let’s run one last FRST fix, I found some additional malware on your machine… As well as some trash.
                        Also, it seems system restore is disabled on your machine. ======> Click Here For Instructions to enable.
                        I will answer your questions after this fix…

                        FRST Fix.

                        Download attached fixlist.txt file and save it to the Desktop.
                        NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
                        NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
                        Run FRST/FRST64 and press the Fix button just once and wait.
                        If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                        When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                        HijackThis.

                        1- Please click HERE to download HijackThis.
                        2- Unzip to your desktop – Right Click Run as Admin.
                        3- Click on the Main Menu button if not already there.
                        4- Select Do a system scan and save a logfile.
                        5- Copy & Paste Log in your next reply.


                        • clarkgriswold
                          PCHF Member
                          • Feb 2017
                          • 39

                          #13
                          I tried to run Privazer but it would not execute. “PrivaZer setup has stopped working”
                          I skipped the defrag for the time being (figuring this would take a while).
                          Below I have attached the logs from FRST and Hijack This.

                          Bitdefender seems to be showing clean for now.


                          Fix result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
                          Ran by Glen (23-02-2017 10:20:02) Run:2
                          Running from C:\Users\Glen\Desktop
                          Loaded Profiles: Glen (Available Profiles: Glen & UpdatusUser & Administrator)
                          Boot Mode: Normal

                          ==============================================

                          fixlist content:


                          start
                          emptytemp:
                          CloseProcesses:
                          CreateRestorePoint:
                          DeleteKey: HKLM\SOFTWARE\AVG
                          DeleteKey: HKLM\SOFTWARE\AVG Web TuneUp
                          DeleteKey: HKLM\SOFTWARE\iolo
                          DeleteKey: HKLM\SOFTWARE\KasperskyLab
                          DeleteKey: HKLM\SOFTWARE\Lavasoft
                          DeleteKey: HKLM\SOFTWARE\Large Software
                          DeleteKey: HKLM\SOFTWARE\McAfee.com
                          DeleteKey: HKLM\SOFTWARE\mcafeeupdater
                          DeleteKey: HKLM\SOFTWARE\MyFunCards_5mEI
                          DeleteKey: HKLM\SOFTWARE\WholeSecurity
                          DeleteKey: HKLM\SOFTWARE\Symante
                          DeleteKey: HKLM\SOFTWARE\SymDebug
                          DeleteKey: HKLM\SOFTWARE\Yahoo
                          DeleteKey: HKCU\SOFTWARE\AVG
                          DeleteKey: HKCU\SOFTWARE\AVG Web TuneUp
                          DeleteKey: HKCU\SOFTWARE\IM
                          DeleteKey: HKCU\SOFTWARE\iolo
                          DeleteKey: HKCU\SOFTWARE\Lavasoft
                          DeleteKey: HKCU\SOFTWARE\Large Software
                          DeleteKey: HKCU\SOFTWARE\McAfee
                          DeleteKey: HKCU\SOFTWARE\Symantec
                          DeleteKey: HKCU\SOFTWARE\Totem
                          DeleteKey: HKCU\SOFTWARE\AppDataLow\Software\Yahoo
                          C:\Program Files\GUM9A6A.tmp
                          C:\Program Files\Norton Save and Restore
                          C:\ProgramData\aJ01842PhEhB01842
                          C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
                          C:\ProgramData\McAfee
                          C:\ProgramData\Norton
                          C:\ProgramData\Yahoo!
                          C:\Program Files\Common Files\Symantec Shared
                          C:\Users\Glen\AppData\Roaming\HpUpdate
                          C:\Users\Glen\AppData\Roaming\iolo
                          C:\Users\Glen\AppData\Roaming\Yahoo!
                          C:\Users\Glen\AppData\Local\0303933
                          C:\Users\Glen\AppData\Local\1e17e
                          C:\Users\Glen\AppData\Roaming\inst.exe
                          C:\Users\Glen\AppData\Local\Sunbelt Software
                          C:\Users\Glen\AppData\Local\Symantec_Corporation
                          C:\Users\Glen\AppData\Local\The Weather Channel
                          C:\Users\Glen\AppData\Local\Threat Expert
                          C:\Windows\System32\Config\systemprofile\AppData\Local\Avg
                          C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog
                          C:\Windows\System32\Config\systemprofile\AppData\Local\Sunbelt Software
                          C:\Windows\System32\Config\systemprofile\AppData\Roaming\iolo
                          C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee
                          C:\Windows\System32\drivers\klflt.sys
                          C:\Windows\System32\drivers\SBREDrv.sys
                          C:\Windows\System32\drivers\v2imount.sys
                          C:\Windows\System32\drivers\vproeventmonitor.sys
                          RemoveProxy:
                          CMD: netsh advfirewall reset
                          CMD: netsh advfirewall set allprofiles state On
                          CMD: ipconfig /flushdns
                          C:\windows\system32\Drivers\etc\hosts
                          Hosts:
                          DeleteQuarantine:
                          reboot:
                          end


                          Processes closed successfully.
                          Restore point was successfully created.
                          HKLM\SOFTWARE\AVG => key removed successfully.
                          HKLM\SOFTWARE\AVG Web TuneUp => key removed successfully.
                          HKLM\SOFTWARE\iolo => key removed successfully.
                          HKLM\SOFTWARE\KasperskyLab => key removed successfully.
                          HKLM\SOFTWARE\Lavasoft => key removed successfully.
                          HKLM\SOFTWARE\Large Software => key removed successfully.
                          HKLM\SOFTWARE\McAfee.com => key removed successfully.
                          HKLM\SOFTWARE\mcafeeupdater => key removed successfully.
                          HKLM\SOFTWARE\MyFunCards_5mEI => key removed successfully.
                          HKLM\SOFTWARE\WholeSecurity => key removed successfully.
                          HKLM\SOFTWARE\Symante => key not found.
                          HKLM\SOFTWARE\SymDebug => key removed successfully.
                          HKLM\SOFTWARE\Yahoo => key removed successfully.
                          HKCU\SOFTWARE\AVG => key removed successfully.
                          HKCU\SOFTWARE\AVG Web TuneUp => key removed successfully.
                          HKCU\SOFTWARE\IM => key removed successfully.
                          HKCU\SOFTWARE\iolo => key removed successfully.
                          HKCU\SOFTWARE\Lavasoft => key removed successfully.
                          HKCU\SOFTWARE\Large Software => key removed successfully.
                          HKCU\SOFTWARE\McAfee => key removed successfully.
                          HKCU\SOFTWARE\Symantec => key removed successfully.
                          HKCU\SOFTWARE\Totem => key removed successfully.
                          HKCU\SOFTWARE\AppDataLow\Software\Yahoo => key removed successfully.
                          C:\Program Files\GUM9A6A.tmp => moved successfully
                          C:\Program Files\Norton Save and Restore => moved successfully
                          C:\ProgramData\aJ01842PhEhB01842 => moved successfully
                          C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => moved successfully
                          C:\ProgramData\McAfee => moved successfully
                          C:\ProgramData\Norton => moved successfully
                          C:\ProgramData\Yahoo! => moved successfully
                          C:\Program Files\Common Files\Symantec Shared => moved successfully
                          C:\Users\Glen\AppData\Roaming\HpUpdate => moved successfully
                          C:\Users\Glen\AppData\Roaming\iolo => moved successfully
                          C:\Users\Glen\AppData\Roaming\Yahoo! => moved successfully
                          C:\Users\Glen\AppData\Local\0303933 => moved successfully
                          C:\Users\Glen\AppData\Local\1e17e => moved successfully
                          C:\Users\Glen\AppData\Roaming\inst.exe => moved successfully
                          C:\Users\Glen\AppData\Local\Sunbelt Software => moved successfully
                          C:\Users\Glen\AppData\Local\Symantec_Corporation => moved successfully
                          C:\Users\Glen\AppData\Local\The Weather Channel => moved successfully
                          C:\Users\Glen\AppData\Local\Threat Expert => moved successfully
                          C:\Windows\System32\Config\systemprofile\AppData\Local\Avg => moved successfully
                          C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog => moved successfully
                          C:\Windows\System32\Config\systemprofile\AppData\Local\Sunbelt Software => moved successfully
                          C:\Windows\System32\Config\systemprofile\AppData\Roaming\iolo => moved successfully
                          C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee => moved successfully
                          C:\Windows\System32\drivers\klflt.sys => moved successfully
                          C:\Windows\System32\drivers\SBREDrv.sys => moved successfully
                          C:\Windows\System32\drivers\v2imount.sys => moved successfully
                          C:\Windows\System32\drivers\vproeventmonitor.sys => moved successfully

                          ========= RemoveProxy: =========

                          HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
                          HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
                          HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
                          HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.

                          ========= End of RemoveProxy: =========

                          ========= netsh advfirewall reset =========

                          Ok.

                          ========= End of CMD: =========

                          ========= netsh advfirewall set allprofiles state On =========

                          Ok.

                          ========= End of CMD: =========

                          ========= ipconfig /flushdns =========

                          Windows IP Configuration

                          Successfully flushed the DNS Resolver Cache.

                          ========= End of CMD: =========

                          C:\windows\system32\Drivers\etc\hosts => moved successfully
                          Hosts restored successfully.
                          “C:\FRST\Quarantine” => removed successfully..

                          =========== EmptyTemp: ==========

                          BITS transfer queue => 0 B
                          DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4788593 B
                          Java, Flash, Steam htmlcache => 0 B
                          Windows/system/drivers => 2926592 B
                          Edge => 0 B
                          Chrome => 0 B
                          Firefox => 12719316 B
                          Opera => 0 B

                          Temp, IE cache, history, cookies, recent:
                          Users => 0 B
                          Default => 0 B
                          Public => 0 B
                          ProgramData => 0 B
                          systemprofile => 0 B
                          LocalService => 0 B
                          NetworkService => 0 B
                          Glen => 638737 B
                          UpdatusUser => 0 B
                          UpdatusUser => 0 B
                          Administrator => 0 B

                          RecycleBin => 0 B
                          EmptyTemp: => 20.1 MB temporary data Removed.

                          ================================

                          The system needed a reboot.

                          ==== End of Fixlog 10:28:41 ====


                          Logfile of Trend Micro HiJackThis 2.0.6 - Private Fork by Alex Dragokas ver. Alpha 4.3

                          Platform: x32 Windows Vista (Home Premium), 6.0.6002, Service Pack: 2
                          Time: 23.02.2017 - 10:33
                          Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
                          Elevated: Yes
                          Ran by: Glen (group: Administrator) on DESKTOP

                          Chrome: 35.0.1916.153
                          Firefox: 51.0.1.6234
                          Internet Explorer: 9.0.8112.16834

                          Boot mode: Normal

                          Running processes:
                          Number | Path

                          1 C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
                          1 C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
                          1 C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
                          1 C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
                          1 C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
                          1 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                          1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
                          1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
                          1 C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
                          1 C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
                          1 C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
                          1 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
                          1 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                          2 C:\Program Files\Mozilla Firefox\firefox.exe
                          1 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                          1 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                          1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                          1 C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
                          1 C:\Program Files\USB Sharing\usbshare.exe
                          2 C:\Program Files\Zemana AntiMalware\ZAM.exe
                          1 C:\Users\Glen\Desktop\HiJackThis.exe
                          1 C:\Windows\RtHDVCpl.exe
                          1 C:\Windows\System32\AERTSrv.exe
                          1 C:\Windows\System32\SLsvc.exe
                          1 C:\Windows\System32\SearchIndexer.exe
                          1 C:\Windows\System32\audiodg.exe
                          2 C:\Windows\System32\csrss.exe
                          1 C:\Windows\System32\dwm.exe
                          1 C:\Windows\System32\escsvc.exe
                          1 C:\Windows\System32\lsass.exe
                          1 C:\Windows\System32\lsm.exe
                          2 C:\Windows\System32\nvvsvc.exe
                          1 C:\Windows\System32\services.exe
                          1 C:\Windows\System32\smss.exe
                          1 C:\Windows\System32\spoolsv.exe
                          15 C:\Windows\System32\svchost.exe
                          2 C:\Windows\System32\taskeng.exe
                          1 C:\Windows\System32\wbem\WmiPrvSE.exe
                          1 C:\Windows\System32\wininit.exe
                          1 C:\Windows\System32\winlogon.exe
                          1 C:\Windows\ehome\ehmsas.exe
                          1 C:\Windows\ehome\ehtray.exe
                          1 C:\Windows\explorer.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo on osa Yahoo-konsernia.
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo on osa Yahoo-konsernia.
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
                          O4 - Global User Startup: APC UPS Status.lnk → C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
                          O4 - Global User Startup: DataViz Inc Messenger.lnk → C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
                          O4 - Global User Startup: HotSync Manager.lnk → C:\Program Files\palmOne\Hotsync.exe
                          O4 - Global User Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk → C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
                          O4 - Global User Startup: USB Sharing.lnk → C:\Program Files\USB Sharing\usbshare.exe
                          O4 - HKCU..: [Cancel_PIP] 1
                          O4 - HKCU..: [Resume] 0
                          O4 - HKCU..\Run: [Bitdefender Wallet Agent] “C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe”
                          O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                          O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                          O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
                          O4 - HKLM..\Run: [Bdagent] “C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe”
                          O4 - HKLM..\Run: [EEventManager] “C:\Program Files\Epson Software\Event Manager\EEventManager.exe”
                          O4 - HKLM..\Run: [FUFAXRCV] “C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe”
                          O4 - HKLM..\Run: [FUFAXSTM] “C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe”
                          O4 - HKLM..\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
                          O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                          O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
                          O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe
                          O4 - HKLM..\Run: [ZAM] “C:\Program Files\Zemana AntiMalware\ZAM.exe” /minimized
                          O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
                          O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
                          O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
                          O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
                          O4 - MSConfig\startupreg: [Ad-Watch] (2010/03/09) (no file)
                          O4 - MSConfig\startupreg: [Adobe Reader Speed Launcher] (2010/03/09) (no file)
                          O4 - MSConfig\startupreg: [BDRegion] (2010/03/09) (no file)
                          O4 - MSConfig\startupreg: [Dell PC TuneUp Startup] (2010/03/09) (no file)
                          O4 - MSConfig\startupreg: [EPLTarget] (2017/01/02) (no file)
                          O4 - MSConfig\startupreg: [LanguageShortcut] (2010/03/09) (no file)
                          O4 - MSConfig\startupreg: [Monitor] (2015/09/04) (no file)
                          O4 - MSConfig\startupreg: [QuickTime Task] (2011/08/11) (no file)
                          O4 - MSConfig\startupreg: [RemoteControl] (2010/03/09) (no file)
                          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                          O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
                          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (HKLM)
                          O17 - DHCP DNS - 1: 10.110.4.175
                          O22 - ScheduledTask: (Ready) ManualDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe \?\Volume{92cc5bc4-46ba-11dc-9fe6-806e6f6e6963}\ \?\Volume{92cc5bc5-46ba-11dc-9fe6-806e6f6e6963}\ \?\Volume{92cc5bc6-46ba-11dc-9fe6-806e6f6e6963}
                          O22 - ScheduledTask: (Ready) ScheduledDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe -c -i -g
                          O23 - Service R2: Bitdefender Desktop Update Service - (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
                          O23 - Service R2: Bitdefender Virus Shield - (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
                          O23 - Service R2: CodeMeter Runtime Server - (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
                          O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
                          O23 - Service R2: Intel(R) Matrix Storage Event Monitor - (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                          O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
                          O23 - Service R2: NVIDIA Stereoscopic 3D Driver Service - (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                          O23 - Service R2: ZAM Controller Service - (ZAMSvc) - Copyright 2017. - C:\Program Files\Zemana AntiMalware\ZAM.exe
                          O23 - Service S2: NVIDIA Update Service Daemon - (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                          O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
                          O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
                          O23 - Service S3: Bitdefender Desktop Parental Control - (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
                          O23 - Service S3: InstallDriver Table Manager - (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service S3: Windows Installer - (msiserver) - Microsoft Corporation - C:\Windows\system32\msiexec /V.exe (file missing)


                          End of file - Time spent: 12 sec. - 17364 bytes, CRC32: FFFFFFFF. Sign:


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            HijackThis Fix.

                            Locate the HijackThis file, Right Click Run as Admin.
                            Close all other open programs prior to running this tool!!
                            Click System Scan Only.
                            Then check mark the items listed below.

                            O4 - Global User Startup: DataViz Inc Messenger.lnk → C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
                            O4 - Global User Startup: HotSync Manager.lnk → C:\Program Files\palmOne\Hotsync.exe
                            O4 - Global User Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk → C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
                            O4 - Global User Startup: USB Sharing.lnk → C:\Program Files\USB Sharing\usbshare.exe
                            O4 - HKCU..: [Cancel_PIP] 1
                            O4 - HKCU..: [Resume] 0
                            O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                            O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
                            O4 - HKLM..\Run: [EEventManager] “C:\Program Files\Epson Software\Event Manager\EEventManager.exe”
                            O4 - HKLM..\Run: [FUFAXRCV] “C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe”
                            O4 - HKLM..\Run: [FUFAXSTM] “C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe”
                            O4 - HKLM..\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
                            O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                            O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
                            O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
                            O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
                            O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
                            O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
                            O4 - MSConfig\startupreg: [Ad-Watch] (2010/03/09) (no file)
                            O4 - MSConfig\startupreg: [Adobe Reader Speed Launcher] (2010/03/09) (no file)
                            O4 - MSConfig\startupreg: [BDRegion] (2010/03/09) (no file)
                            O4 - MSConfig\startupreg: [Dell PC TuneUp Startup] (2010/03/09) (no file)
                            O4 - MSConfig\startupreg: [EPLTarget] (2017/01/02) (no file)
                            O4 - MSConfig\startupreg: [LanguageShortcut] (2010/03/09) (no file)
                            O4 - MSConfig\startupreg: [Monitor] (2015/09/04) (no file)
                            O4 - MSConfig\startupreg: [QuickTime Task] (2011/08/11) (no file)
                            O4 - MSConfig\startupreg: [RemoteControl] (2010/03/09) (no file)
                            O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
                            O22 - ScheduledTask: (Ready) ManualDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe \?\Volume{92cc5bc4-46ba-11dc-9fe6-806e6f6e6963}\ \?\Volume{92cc5bc5-46ba-11dc-9fe6-806e6f6e6963}\ \?\Volume{92cc5bc6-46ba-11dc-9fe6-806e6f6e6963}
                            O22 - ScheduledTask: (Ready) ScheduledDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe -c -i -g
                            O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
                            O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

                            Now click on fix checked.
                            After the fix is complete, then reboot your machine.


                            Something regenerated a file, we removed it twice already. No evidence it is back now… I want to make sure the last fix got it!!

                            Let's see if it is back.

                            C:\Users\Glen\AppData\Local\1e17e => moved successfully
                            C:\Users\Glen\AppData\Local\1e17e => moved successfully

                            Download and install the Everything Search Engine
                            Right Click Run As Admin. Type or Copy Paste 1e17e into search window.
                            Then Click Edit. >>>Select all.
                            Right Click highlighted items>>>>>>>> Copy full name to clipboard.
                            Paste content of clipboard, here in your next reply.


                            Rogue Killer Scan.

                            Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

                            Link 1
                            Link 2

                            Close all the other running programs
                            Disable ALL Antivirus – Antimalware – Applications.
                            Right Click Rogue Killer and Run as Administrator.
                            Click the Start Scan button.
                            Allow the scan to run – it can take ten minutes or more.
                            Once the scan is complete check All items for removal.
                            After All items are checked then press Remove Selected.
                            Wait until the Status box shows Deleting Finished.
                            Click on open report – then open txt
                            Copy the content of the report and paste it here in your next reply.


                            • clarkgriswold
                              PCHF Member
                              • Feb 2017
                              • 39

                              #15
                              Procedures followed and scans were run… This is the latest:

                              Everything search engine results:
                              C:\Program Files\Bitdefender\Bitdefender 2015\mitm_cache\cache\92a81516bf62e1fcfb1e44e51e17ef0a6ede50e9t


                              RogueKiller V12.9.8.0 [Feb 21 2017] (Free) by Adlice Software


                              mail : Support Form | Contact • Adlice Software
                              Feedback : http://forum.adlice.com
                              Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
                              Blog : http://www.adlice.com

                              Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
                              Started in : Normal mode
                              User : Glen [Administrator]
                              Started from : C:\Users\Glen\Desktop\RogueKiller.exe
                              Mode : Delete – Date : 02/23/2017 23:55:59 (Duration : 00:57:08)

                              ¤¤¤ Processes : 0 ¤¤¤

                              ¤¤¤ Registry : 5 ¤¤¤
                              [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) → Deleted
                              [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_E_4E25\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe → Replaced (explorer.exe)
                              [PUM.Proxy] HKEY_LOCAL_MACHINE\RK_System_ON_E_2A9C\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : → Deleted
                              [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.110.4.175 () → Replaced ()
                              [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{98C63B37-7ECC-43D4-AA4D-322215D7E7A2} | DhcpNameServer : 10.110.4.175 () → Not selected

                              ¤¤¤ Tasks : 0 ¤¤¤

                              ¤¤¤ Files : 0 ¤¤¤

                              ¤¤¤ WMI : 0 ¤¤¤

                              ¤¤¤ Hosts File : 0 ¤¤¤

                              ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

                              ¤¤¤ Web browsers : 1 ¤¤¤
                              [PUM.HomePage][Firefox:Config] pooixovy.default-1413691062373 : user_pref(“browser.startup.homepage”, " https://duckduckgo.com/ "); → Replaced (about:home)

                              ¤¤¤ MBR Check : ¤¤¤
                              +++++ PhysicalDrive0: +++++
                              — User —
                              [MBR] 511052c2894b04abe8c83e7afcf212ea
                              [BSP] 12363dafc8b1110c9583683a9ba0f769 : HP MBR Code
                              Partition table:
                              0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
                              1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
                              2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21084160 | Size: 171264 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
                              3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 371832832 | Size: 56856 MB
                              User = LL1 … OK
                              Error reading LL2 MBR! ([57] The parameter is incorrect. )

                              +++++ PhysicalDrive1: +++++
                              Error reading User MBR! ([15] The device is not ready. )
                              Error reading LL1 MBR! NOT VALID!
                              Error reading LL2 MBR! ([32] The request is not supported. )

                              +++++ PhysicalDrive2: +++++
                              Error reading User MBR! ([15] The device is not ready. )
                              Error reading LL1 MBR! NOT VALID!
                              Error reading LL2 MBR! ([32] The request is not supported. )

                              +++++ PhysicalDrive3: +++++
                              Error reading User MBR! ([15] The device is not ready. )
                              Error reading LL1 MBR! NOT VALID!
                              Error reading LL2 MBR! ([32] The request is not supported. )

                              +++++ PhysicalDrive4: +++++
                              Error reading User MBR! ([15] The device is not ready. )
                              Error reading LL1 MBR! NOT VALID!
                              Error reading LL2 MBR! ([32] The request is not supported. )
