Solved Can't get rid of Trojan Poweliks.Gen.2

[clarkgriswold]

I can't get rid of this nasty bugger. Picked up by Bitdefender, often says deleted, cleaned but it always comes back.

Any help would be huge-thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017

Ran by Glen (administrator) on DESKTOP (20-02-2017 00:18:34)
Running from C:\Users\Glen\Desktop
Loaded Profiles: Glen (Available Profiles: Glen & UpdatusUser & Administrator)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
() C:\Program Files\USB Sharing\usbshare.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Akamai Technologies, Inc.) C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1045720 2015-09-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1865664 2015-06-12] (Bitdefender)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) <===== ATTENTION
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [687864 2017-01-31] (Bitdefender)
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [*sneu<*>] => "C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\MountPoints2: F - F:\AutoRun\AutoRun.exe
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\MountPoints2: {60deb600-6e3c-11e3-913b-001aa08d1be6} - O:\InnoTabSetup.exe
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\MountPoints2: {ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} - L:\ImageViewer4.exe -COPYFILE
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2008-09-04]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk [2008-07-18]
ShortcutTarget: DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2008-07-18]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.3.lnk [2011-05-29]
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.3.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USB Sharing.lnk [2008-09-05]
ShortcutTarget: USB Sharing.lnk -> C:\Program Files\USB Sharing\usbshare.exe ()
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No File
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> {4DFE95E1-324C-4BF8-BDE1-266927F9598A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.smilebox.com/?search={searchTerms}&loc=SB_IE_DS&a=6R8FRqYkDD
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pooixovy.default-1413691062373
FF ProfilePath: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 [2017-02-20]
FF NewTab: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> Yahoo! (Avast)
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> DuckDuckGo
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> hxxps://duckduckgo.com/
FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\duckduckgo.xml [2014-10-18]
FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\yahoo-avast.xml [2017-01-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2015\\bdwteff [2017-01-31]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-06-22] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]
CHR HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-12-03] (Symantec Corporation)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144 2013-11-27] (WIBU-SYSTEMS AG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-22] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-12-03] (Symantec Corporation)
S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [517768 2007-03-12] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1335176 2017-01-31] (Bitdefender)
R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-07-12] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1258376 2017-01-26] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [252184 2015-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [696632 2017-01-26] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-12-15] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
R1 CLBStor; C:\Windows\system32\Drivers\CLBStor.sys [16048 2007-06-04] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\system32\Drivers\CLBUDF.sys [162096 2007-06-04] (CyberLink Corporation.)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [12800 2007-09-20] (EldoS Corporation) [File not signed]
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog) [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) [File not signed]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [173832 2015-04-29] (BitDefender LLC)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-10-08] (Kaspersky Lab ZAO)
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]
S3 XE102Mp5; System32\Drivers\XE102Mp5.sys [X]
S3 XE102Sp5; System32\Drivers\XE102Sp5.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 00:18 - 2017-02-20 00:20 - 00021763 _____ C:\Users\Glen\Desktop\FRST.txt
2017-02-20 00:16 - 2017-02-20 00:18 - 00000000 ____D C:\FRST
2017-02-20 00:15 - 2017-02-20 00:15 - 01764864 _____ (Farbar) C:\Users\Glen\Desktop\FRST.exe
2017-02-20 00:01 - 2017-02-20 00:01 - 00000000 ____H C:\ProgramData\cm-lock
2017-02-19 23:54 - 2017-02-19 23:57 - 00002178 _____ C:\Users\Glen\Desktop\Rkill.txt
2017-02-19 21:44 - 2017-02-19 21:44 - 00001994 _____ C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Upgrade Advisor.lnk
2017-02-19 11:54 - 2017-02-19 14:13 - 00000000 ____D C:\Users\Glen\Desktop\Old Files
2017-02-18 21:20 - 2017-02-18 21:20 - 00422664 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-02-03 00:19 - 2017-02-03 00:19 - 00000000 ____D C:\239deb8e4b0bd0ad0d434b4b
2017-02-03 00:17 - 2017-02-03 00:17 - 00000000 ____D C:\975cafc51b3f32eaa4bd77e09f6d1040
2017-02-02 15:51 - 2017-02-02 15:53 - 00000000 ____D C:\Users\Glen\AppData\Local\Roblox
2017-02-01 17:18 - 2017-02-01 17:18 - 00000000 ____D C:\ProgramData\Roblox
2017-02-01 17:17 - 2017-02-02 16:00 - 00000163 _____ C:\Users\Glen\AppData\LocalLow\rbxcsettings.rbx
2017-02-01 17:17 - 2017-02-01 17:17 - 00000000 ____D C:\Program Files\Roblox
2017-01-27 10:20 - 2017-01-27 10:21 - 00000000 ____D C:\Users\Glen\AppData\Local\AvgSetupLog
2017-01-26 11:30 - 2017-01-26 11:30 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2017-01-26 09:22 - 2017-01-26 09:22 - 00935286 _____ C:\ProgramData\1485439235.bdinstall.bin
2017-01-26 09:19 - 2017-01-26 09:19 - 00000308 ____H C:\bdr-cf01
2017-01-26 09:18 - 2017-01-26 09:18 - 00001959 _____ C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2017-01-26 09:18 - 2017-01-26 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2017-01-26 09:17 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2017-01-26 09:17 - 2015-01-09 11:44 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2017-01-26 09:17 - 2015-01-09 11:44 - 00026624 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2017-01-26 09:17 - 2014-12-15 17:56 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2017-01-26 09:17 - 2012-04-17 14:40 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2017-01-26 09:16 - 2017-01-26 09:47 - 01258376 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-01-26 09:16 - 2017-01-26 09:47 - 00696632 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2017-01-26 09:16 - 2015-05-29 09:50 - 00252184 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2017-01-26 09:06 - 2017-01-26 09:23 - 00000000 ____D C:\Users\Glen\AppData\Roaming\Bitdefender
2017-01-26 09:06 - 2017-01-26 09:19 - 00253404 ____H C:\bdr-ld01
2017-01-26 09:06 - 2017-01-26 09:19 - 00009216 ____H C:\bdr-ld01.mbr
2017-01-26 09:06 - 2015-05-19 15:52 - 39533906 ____H C:\bdr-im01.gz
2017-01-26 09:06 - 2012-08-15 15:28 - 02294848 ____H C:\bdr-bz01
2017-01-26 09:00 - 2017-01-26 09:21 - 00000000 ____D C:\ProgramData\Bitdefender
2017-01-26 09:00 - 2017-01-26 09:06 - 00000000 ____D C:\Program Files\Bitdefender
2017-01-26 09:00 - 2017-01-26 09:00 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-01-26 09:00 - 2015-04-29 13:31 - 00173832 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2017-01-26 08:56 - 2017-01-26 08:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-01-26 08:53 - 2017-01-26 08:53 - 00084944 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-26 08:53 - 2017-01-26 08:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\AvgSetupLog
2017-01-26 08:52 - 2017-01-26 08:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-01-26 08:51 - 2017-01-26 08:51 - 00000951 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-26 08:51 - 2017-01-26 08:51 - 00000946 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Epson
2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Wondershare
2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg
2017-01-26 08:51 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2017-01-26 08:50 - 2017-01-26 08:51 - 00000000 ____D C:\Users\Administrator
2017-01-26 08:50 - 2017-01-26 08:50 - 00000917 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2017-01-26 08:50 - 2017-01-26 08:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-01-26 08:50 - 2017-01-26 08:50 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-01-26 08:50 - 2010-03-27 09:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2017-01-26 08:50 - 2006-11-02 07:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2017-01-25 23:16 - 2017-01-25 23:16 - 00000000 ____D C:\74b5dafec5ddf39806d5d11a11
2017-01-25 23:03 - 2017-01-25 23:03 - 00000000 ____D C:\a51f592706bbcae6374e3a720ddf
2017-01-25 22:35 - 2017-01-25 22:35 - 00000000 ____D C:\2e35ff875d9f9e874ec13ed34c92e8
2017-01-21 23:53 - 2017-01-21 23:53 - 00000000 ____D C:\Users\Glen\AppData\Local\CEF
2017-01-21 23:51 - 2017-01-27 10:39 - 00000000 ____D C:\ProgramData\Avg
2017-01-21 23:51 - 2017-01-21 23:51 - 00000000 ____D C:\Users\Glen\AppData\Local\Avg
2017-01-21 23:44 - 2017-01-21 23:44 - 00000000 ____D C:\Users\Glen\AppData\Roaming\Yahoo
2017-01-21 23:44 - 2017-01-21 23:44 - 00000000 ____D C:\Users\Glen\AppData\Local\YSearchUtil
2017-01-21 23:44 - 2017-01-21 23:44 - 00000000 ____D C:\Program Files\Yahoo!

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 00:19 - 2016-11-16 17:24 - 00000000 ____D C:\Users\Glen\AppData\LocalLow\Mozilla
2017-02-20 00:07 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2017-02-20 00:07 - 2006-11-02 05:33 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 00:02 - 2016-02-13 13:02 - 00000917 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
2017-02-20 00:02 - 2016-02-13 13:02 - 00000731 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
2017-02-20 00:01 - 2008-02-16 11:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-20 00:01 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-20 00:01 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-20 00:01 - 2006-11-02 07:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-20 00:00 - 2015-03-28 14:50 - 00451022 _____ C:\bdlog.txt
2017-02-20 00:00 - 2006-11-02 08:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-19 23:57 - 2012-04-08 01:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-19 22:28 - 2016-12-28 10:30 - 00000000 ____D C:\Users\Glen\AppData\Local\CrashDumps
2017-02-19 12:44 - 2006-11-02 07:47 - 00337320 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-19 12:41 - 2010-05-18 22:51 - 00001356 _____ C:\Users\Glen\AppData\Local\d3d9caps.dat
2017-02-19 12:40 - 2007-08-13 19:41 - 00552296 _____ C:\Windows\ntbtlog.txt
2017-02-18 20:31 - 2007-12-10 09:05 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-14 20:57 - 2012-04-08 01:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-14 20:57 - 2011-05-19 02:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-14 20:57 - 2007-08-09 16:03 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-28 12:42 - 2016-11-16 10:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-27 18:23 - 2014-06-28 10:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-26 09:19 - 2007-08-11 12:05 - 00000000 ____D C:\Users\Glen
2017-01-26 08:58 - 2007-08-11 12:06 - 00000946 _____ C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-25 22:13 - 2007-10-09 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fellowes NEATO MediaFACE II
2017-01-24 09:02 - 2011-11-03 21:24 - 00000000 ____D C:\Users\Glen\AppData\Local\Akamai
2017-01-22 13:21 - 2014-06-28 10:20 - 00000836 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-22 12:09 - 2008-09-20 22:24 - 00000000 ____D C:\Program Files\lg_fwupdate
2017-01-22 12:08 - 2008-09-20 22:25 - 00000289 _____ C:\Windows\lgfwup.ini
2017-01-21 23:43 - 2015-03-28 15:41 - 00000000 ____D C:\ProgramData\Oracle
2017-01-21 23:42 - 2015-03-28 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-21 23:42 - 2007-08-09 16:03 - 00000000 ____D C:\Program Files\Java
2017-01-21 23:42 - 2007-08-09 16:03 - 00000000 ____D C:\Program Files\Common Files\Java
2017-01-21 23:40 - 2015-03-28 15:42 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== Files in the root of some directories =======

2015-07-16 09:17 - 2015-07-16 09:17 - 0001110 _____ () C:\Users\Glen\AppData\Roaming\ConvAPIPlugin.log
2009-02-21 21:23 - 2010-02-07 23:23 - 0000164 _____ () C:\Users\Glen\AppData\Roaming\default.rss
2010-10-03 00:30 - 2010-10-20 10:20 - 0087608 _____ () C:\Users\Glen\AppData\Roaming\inst.exe
2010-10-03 00:30 - 2010-10-20 10:20 - 0007887 _____ () C:\Users\Glen\AppData\Roaming\pcouffin.cat
2010-10-03 00:30 - 2010-10-20 10:20 - 0001144 _____ () C:\Users\Glen\AppData\Roaming\pcouffin.inf
2010-10-03 00:32 - 2010-10-20 10:20 - 0000033 _____ () C:\Users\Glen\AppData\Roaming\pcouffin.log
2010-10-03 00:30 - 2010-10-20 10:20 - 0047360 _____ (VSO Software) C:\Users\Glen\AppData\Roaming\pcouffin.sys
2008-02-06 17:21 - 2016-12-18 22:49 - 0000278 _____ () C:\Users\Glen\AppData\Roaming\wklnhst.dat
2013-12-26 10:06 - 2013-12-26 13:26 - 0000941 _____ () C:\Users\Glen\AppData\Local\cookies.ini
2010-05-18 22:51 - 2017-02-19 12:41 - 0001356 _____ () C:\Users\Glen\AppData\Local\d3d9caps.dat
2007-08-11 12:41 - 2014-08-12 12:40 - 0115200 _____ () C:\Users\Glen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-15 17:18 - 2009-07-15 17:18 - 0004096 _____ () C:\Users\Glen\AppData\Local\keyfile3.drm
2010-10-03 20:58 - 2010-10-03 21:18 - 0000040 ___SH () C:\ProgramData\.zreglib
2017-01-26 09:22 - 2017-01-26 09:22 - 0935286 _____ () C:\ProgramData\1485439235.bdinstall.bin
2017-02-20 00:01 - 2017-02-20 00:01 - 0000000 ____H () C:\ProgramData\cm-lock
2010-03-04 21:10 - 2016-02-12 18:31 - 0023445 _____ () C:\ProgramData\hpzinstall.log
2007-08-12 19:52 - 2016-12-26 11:01 - 0009134 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Files to move or delete:
====================
C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe


Some files in TEMP:
====================
2017-01-21 23:38 - 2017-01-21 23:38 - 0739904 _____ (Oracle Corporation) C:\Users\Glen\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-27 08:47 - 2017-01-27 08:47 - 0111936 _____ (Microsoft Corporation) C:\Users\Glen\AppData\Local\Temp\MsiZap.exe
2017-01-02 10:58 - 2010-05-04 12:46 - 0353112 _____ (Microsoft Corporation) C:\Users\Glen\AppData\Local\Temp\MSNF42D.exe
2016-12-26 19:56 - 2016-12-26 19:56 - 0075264 _____ () C:\Users\Glen\AppData\Local\Temp\upd.exE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-20 00:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017

Ran by Glen (20-02-2017 00:20:55)
Running from C:\Users\Glen\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-08-09 20:55:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3490785829-169181324-3712256341-500 - Administrator - Disabled) => C:\Users\Administrator
Glen (S-1-5-21-3490785829-169181324-3712256341-1000 - Administrator - Enabled) => C:\Users\Glen
Guest (S-1-5-21-3490785829-169181324-3712256341-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3490785829-169181324-3712256341-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
BD/HD Advisor 1.0 (HKLM\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.23.0.1604 - Bitdefender)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink InstantBurn (HKLM\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: - )
Dell DataSafe (HKLM\...\{DF68383B-A940-4ABD-87FF-1D969F2B938B}) (Version: 2.00.0000 - Dell Inc.)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
Document Capture Pro (HKLM\...\{C75B4983-D3A7-4D0A-8B1A-7BC4F2044F37}) (Version: 1.06.0012 - Seiko Epson Corporation)
Documents To Go Desktop for iOS (HKLM\...\DTGDesktop) (Version: 5.0000.013 - DataViz, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Epson Event Manager (HKLM\...\{E4631929-CBD3-49A1-9BB7-F36E701F7C34}) (Version: 3.10.0040 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-4630 Series Printer Uninstall (HKLM\...\EPSON WF-4630 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-4630 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson WF-4630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Hi-Def Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1603 - CyberLink Corporation)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
ImageMixer 3 SE Ver.3 (HKLM\...\{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}) (Version: 3.01.020 - PIXELA)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 5.01.0226.01 - )
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.26 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.2.0 - Symantec Corporation)
MediaFACE II (HKLM\...\{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Vista Upgrade Advisor (HKLM\...\{E0EB8881-0CFE-4375-8782-8807D258CD7C}) (Version: 1.0.1 - Microsoft)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Recover My Files (HKLM\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
USB Sharing (HKLM\...\{25BDEE44-A62C-4DCE-9635-2D1646E2B663}) (Version: - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
ZoneAlarm DataLock (Version: 10.1.065.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> "C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe" => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\Glen\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> "C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe" => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b}\InprocServer32 -> C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17C3711D-7E21-4D2A-8FD4-80ECB19BB36C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {1C2BFEBB-C9B8-40EF-BA7B-D5201E63806B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {220D309F-59EE-44D4-99C7-A4063687102B} - System32\Tasks\{2028ABC9-32ED-4C06-91E9-053878041268} => pcalua.exe -a F:\SETUP.EXE -d F:\ -c /AUTORUN
Task: {3EBAC6B0-0E01-48FE-B28F-5994609B6EA9} - System32\Tasks\{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => pcalua.exe -a "C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe" -d "C:\Program Files\GetData\Recover My Files"
Task: {423C1562-2B26-44D9-9E6A-D02D256A28FF} - System32\Tasks\{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {62F6A621-F6AE-464E-BE66-74793BFF7AAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {80603F12-8AF1-4B9A-982B-EBA598909069} - System32\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A84A6B12-A206-4D22-9AD6-89B0AF492116} - System32\Tasks\{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => pcalua.exe -a "C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N137I7QO\USBDrivers_221[1].exe" -d C:\Users\Glen
Task: {AF06B840-555F-46B4-93DC-5D1C64A78890} - System32\Tasks\{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => pcalua.exe -a F:\setup.exe -d F:\
Task: {AFAE7C3D-6E97-4942-84D4-B3F4874AB1EB} - System32\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {B5BC98B8-08C6-42D2-A44C-2FB0A629D4BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {FED34180-25B7-4EAD-BB57-DC18F9037D18} - System32\Tasks\{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => pcalua.exe -a "C:\Program Files\palmOne\QuickInstall.exe" -d C:\Users\Glen\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE :/EXE:{E3062EAB-2698-476F-8702-41D3C9FF90BE} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-26 09:17 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2017-01-26 09:16 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2017-01-26 09:17 - 2015-06-22 16:22 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2017-01-26 09:17 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2017-02-08 00:29 - 2017-02-08 00:29 - 00859344 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttpbr.mdl
2017-02-08 00:29 - 2017-02-08 00:29 - 00466568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttpdsp.mdl
2017-02-08 00:29 - 2017-02-08 00:29 - 02660936 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttpph.mdl
2017-02-08 00:29 - 2017-02-08 00:30 - 01303008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_02643_003\ashttprbl.mdl
2007-10-09 19:58 - 2007-09-20 17:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-11 14:48 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-09-21 12:04 - 2012-07-12 10:48 - 00185856 _____ () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
2009-09-17 09:55 - 2009-04-11 01:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-09-05 18:48 - 2003-05-23 11:04 - 00139264 _____ () C:\Program Files\USB Sharing\usbshare.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [268]
AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9 [312]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [232]
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2 [244]
AlternateDataStreams: C:\Users\Glen\Desktop\FRST.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2008-09-15 14:18 - 00001077 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Glen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Automatic LiveUpdate Scheduler => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdate => 3
MSCONFIG\Services: LiveUpdate Notice Service => 2
MSCONFIG\startupreg: Ad-Watch =>
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: BDRegion =>
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
MSCONFIG\startupreg: Dell PC TuneUp Startup =>
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: InstantBurn => C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut =>
MSCONFIG\startupreg: LGODDFU => "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: Monitor =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RemoteControl =>
MSCONFIG\startupreg: Symantec PIF AlertEng => "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{52487D41-E3F1-4EF6-A850-AE75DAB5FD37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{5157DDDC-B9DF-4B1F-A40F-0E2A063AF17F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E8208C00-15E0-4EC7-93BA-4040582D8CC2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{8E3C4D3F-3943-474E-9E01-83C044E02880}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{B4541D54-F33F-4FFE-A5B9-885FF16DAC9A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{15A7338F-F041-4FDD-9A18-5067200B1110}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1EDC6A38-B229-4A0A-9054-03C480D967F8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9ECC0299-5E11-493E-BF26-614DF0711D39}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{C82C6C4A-1284-4C7A-8519-C27E392B8617}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{047EC2CA-1ED7-43C9-B362-40E7D87C7B1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{76D0149D-C3B7-476B-82FB-1EFDE857E498}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{B2BC89BE-BB3B-46C5-AE15-15B06724BC23}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{A9626A92-2E46-42F5-9E4A-4516ACA719DD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A5CB1C6C-1749-4D1D-9D54-4247868E95F2}] => (Allow) LPort=80
FirewallRules: [{8601B18A-1F64-4AC7-8656-43C941D30155}] => (Allow) LPort=80
FirewallRules: [{81B2CB85-C95E-42F0-A772-E419995B3DCC}] => (Allow) LPort=80
FirewallRules: [{02C5A18A-A5AE-4D22-9EDA-1447AF434C0F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FE9330D-6243-4F11-AA9C-D14E8558EEB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{EA2BB518-26DA-4B33-9F31-0FFFD4E756CF}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{42758F7A-2433-4873-A96C-7FC15ED308C6}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
FirewallRules: [{3406EAF9-9BEA-4C12-A641-48D5D21ABC3F}] => (Allow) C:\Users\Glen\AppData\Roaming\Smilebox\sbtb_install.exe
FirewallRules: [{47B94913-B1CF-4FCC-9513-C6ED761178F5}] => (Allow) C:\Users\Glen\AppData\Roaming\Smilebox\sbtb_install.exe
FirewallRules: [{19A6674F-B218-4482-8DCA-B509C9554BEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E8B702D1-8C8A-458F-B899-B496CD03149E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{891E5A19-FDE6-42CA-BE6F-13C6663ACD95}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{97065B30-F847-48EF-9609-FBEAAB247650}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3EDA8036-BC40-4092-B930-71CEF04A2B98}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DE480A04-09F9-4760-A21E-A96725FF1BE7}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{22AD5023-36BA-4FD8-B513-4A7B81A9862B}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7C831FD3-1C1A-48A2-8B78-7D39723F5029}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47F533B1-C8F1-44E2-AA57-E3683421FF8E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F964E030-FC1A-4BCA-8745-BDE961C72FF4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4EF6A342-B655-4C70-AD64-99D5AB9A62CB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{06BC1296-E664-429D-882F-780CECCEDF87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B61F74FA-B878-4D94-9B09-FACA6097B014}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{E0020F70-AA63-4521-9FCE-8EE7AECC2427}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{51C9D544-C00A-40CA-99D1-01CD2D173363}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BE8EE55C-5A1E-41C5-8B11-21268C2064E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C78ED4D8-EC48-4290-9E36-2BBE618BE4E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B20CD4FA-78C6-48B0-B8E5-6258D980E0BA}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{2F4D69E1-0B2D-4746-8955-B15962A68A58}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{52122FB5-B1DE-486B-A851-604E292C684A}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{9F25BEBA-C0C3-4C7D-9CF5-EFDE1B2FDF53}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0D3CEA84-0F80-409B-B844-9FE66B9BC166}C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{E0B6F099-84EF-4D55-962B-246F8685949D}C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Block) C:\users\glen\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [TCP Query User{94CECE24-A8DA-44CA-8F3F-913169E36D82}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DC703B94-A20B-4CE3-8105-091E7D343834}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{1DAD6339-7599-49FD-841E-D3EEAC1260C0}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{86601BFA-9F3E-45D3-8517-F3FEF7DFDFF1}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7B8523F7-3639-4A14-863D-7F1A572A877E}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{53FFF5B3-493F-4563-8BA1-F9AC1CAB1FB2}C:\users\glen\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\glen\appdata\local\akamai\netsession_win.exe
FirewallRules: [{6EE273F5-714D-4C29-87F5-532F39349A13}] => (Allow) LPort=49357
FirewallRules: [{84C79808-A714-40A1-A235-CC822DEBCB67}] => (Allow) LPort=5000

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft WPD FileSystem Volume Driver
Description: Microsoft WPD FileSystem Volume Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (WPD file system device)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB HS-CF Card
Description: USB HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB HS-MS Card
Description: USB HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB HS-SD Card
Description: USB HS-SD Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB HS-xD/SM
Description: USB HS-xD/SM
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2017 10:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, faulting module nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, exception code 0x40000015, fault offset 0x0010333f,
process id 0x16fc, application start time 0x01d28b2953c65f79.

Error: (02/19/2017 10:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, faulting module nvtray.exe, version 7.17.13.1106, time stamp 0x50f950f4, exception code 0x40000015, fault offset 0x0010333f,
process id 0xba0, application start time 0x01d28b1647b852a9.

Error: (02/19/2017 09:01:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application usbshare.exe, version 0.0.0.0, time stamp 0x3ecd9dd7, faulting module usbshare.exe, version 0.0.0.0, time stamp 0x3ecd9dd7, exception code 0xc0000005, fault offset 0x000039dd,
process id 0xd54, application start time 0x01d28b164b695489.

Error: (02/19/2017 06:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
process id 0x1124, application start time 0x01d28b0679ab390d.

Error: (02/19/2017 12:39:45 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (02/19/2017 12:38:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (02/18/2017 06:18:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
process id 0x10d4, application start time 0x01d28a3d4e091195.

Error: (02/18/2017 03:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 51.0.1.6234, time stamp 0x5888f28c, faulting module mozglue.dll, version 51.0.1.6234, time stamp 0x5888f27e, exception code 0x80000003, fault offset 0x0000ec83,
process id 0xdf4, application start time 0x01d28a087724e9d5.

Error: (02/17/2017 06:22:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
process id 0x1424, application start time 0x01d2897423ceaead.

Error: (02/16/2017 06:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp 0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0xe0434f4d, fault offset 0x0003fdb6,
process id 0x12a4, application start time 0x01d288aaf9817f1c.


System errors:
=============
Error: (02/20/2017 12:04:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (02/20/2017 12:04:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
Logon failure: the specified account password has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/20/2017 12:02:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (02/20/2017 12:02:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/20/2017 12:02:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostic Policy Service service terminated with the following error:
Access is denied.

Error: (02/19/2017 11:59:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/19/2017 10:51:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (02/19/2017 10:51:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
Logon failure: the specified account password has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/19/2017 10:49:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (02/19/2017 10:49:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
The system cannot find the path specified.


CodeIntegrity:
===================================
Date: 2017-02-20 00:20:15.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-20 00:20:14.901
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-20 00:20:14.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-20 00:20:14.011
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 23:24:01.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 23:24:01.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 23:24:00.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 23:24:00.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-19 08:06:47.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-19 08:06:47.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klflt.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 65%
Total physical RAM: 3325.45 MB
Available physical RAM: 1146.65 MB
Total Virtual: 6869.7 MB
Available Virtual: 4763.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:167.25 GB) (Free:9.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DELL BACKUP) (Fixed) (Total:55.52 GB) (Free:28.52 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=167.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=55.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

[Malnutrition]

Remove the programs below with Geek Uninstaller, if something will not remove then use Force Mode.

Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.26 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.2.0 - Symantec Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

Zemana Scan.

Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Click the Cog/Sproket Wheel,
  
  at the top right of Zemana
• Select Advanced - I have read the warning and wish to proceed.
• Place a tick next to Detect Suspicious (Root CA) Certificates.
• Then click the house icon in Zemana.
• Then, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to Copy Paste saved report in your next message.

• This will open a logfile, post that in your next reply

FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[clarkgriswold]

Hopefully, I followed the process accurately.....

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017

Ran by Glen (22-02-2017 19:37:51) Run:1
Running from C:\Users\Glen\Desktop
Loaded Profiles: Glen (Available Profiles: Glen & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
emptytemp:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Glen\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) <===== ATTENTION
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\Run: [*sneu<*>] => "C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\MountPoints2: F - F:\AutoRun\AutoRun.exe
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\MountPoints2: {60deb600-6e3c-11e3-913b-001aa08d1be6} - O:\InnoTabSetup.exe
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\...\MountPoints2: {ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} - L:\ImageViewer4.exe -COPYFILE
C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98
C:\Users\Glen\AppData\Local\1e17e
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => -> No File
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => -> No File
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (No File)
ShortcutTarget: DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (No File)
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe (No File)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: [DhcpNameServer] 192.168.1.1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No File
URLSearchHook: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 - (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> {4DFE95E1-324C-4BF8-BDE1-266927F9598A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=756&hspart=avast&hsimp=yhs-corp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.smilebox.com/?search={searchTerms}&loc=SB_IE_DS&a=6R8FRqYkDD
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-3490785829-169181324-3712256341-1000 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> Yahoo! (Avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\pooixovy.default-1413691062373 -> Yahoo! (Avast)
FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\yahoo-avast.xml [2017-01-22]
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]
CHR HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [phfmiknmhngmmlcppkpmbnopohlnfpbh] - C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx [2012-09-09]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-10-08] (Kaspersky Lab ZAO)
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]
S3 XE102Mp5; System32\Drivers\XE102Mp5.sys [X]
S3 XE102Sp5; System32\Drivers\XE102Sp5.sys [X]
C:\239deb8e4b0bd0ad0d434b4b
C:\975cafc51b3f32eaa4bd77e09f6d1040
C:\Users\Glen\AppData\Local\AvgSetupLog
C:\Users\Administrator\AppData\Local\Avg
C:\74b5dafec5ddf39806d5d11a11
C:\a51f592706bbcae6374e3a720ddf
C:\2e35ff875d9f9e874ec13ed34c92e8
C:\ProgramData\Avg
C:\Users\Glen\AppData\Local\Avg
S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [194240 2006-12-03] (Symantec Corporation)
C:\Program Files\Symantec
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-12-03] (Symantec Corporation)
C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\ProgramData\Lavasoft
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8}\localserver32 -> "C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe" => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239}\localserver32 -> "C:\Users\Glen\AppData\Roaming\Smilebox\OzDesktopImporter.exe" => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\PROGRA~1\palmOne\QUICKI~1.EXE => No File
CustomCLSID: HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b}\InprocServer32 -> C:\Program Files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll => No File
C:\Program Files\Lavasoft
Task: {17C3711D-7E21-4D2A-8FD4-80ECB19BB36C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {1C2BFEBB-C9B8-40EF-BA7B-D5201E63806B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {220D309F-59EE-44D4-99C7-A4063687102B} - System32\Tasks\{2028ABC9-32ED-4C06-91E9-053878041268} => pcalua.exe -a F:\SETUP.EXE -d F:\ -c /AUTORUN
Task: {3EBAC6B0-0E01-48FE-B28F-5994609B6EA9} - System32\Tasks\{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => pcalua.exe -a "C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe" -d "C:\Program Files\GetData\Recover My Files"
Task: {423C1562-2B26-44D9-9E6A-D02D256A28FF} - System32\Tasks\{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {62F6A621-F6AE-464E-BE66-74793BFF7AAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {80603F12-8AF1-4B9A-982B-EBA598909069} - System32\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A84A6B12-A206-4D22-9AD6-89B0AF492116} - System32\Tasks\{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => pcalua.exe -a "C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N137I7QO\USBDrivers_221[1].exe" -d C:\Users\Glen
Task: {AF06B840-555F-46B4-93DC-5D1C64A78890} - System32\Tasks\{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => pcalua.exe -a F:\setup.exe -d F:\
Task: {AFAE7C3D-6E97-4942-84D4-B3F4874AB1EB} - System32\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {B5BC98B8-08C6-42D2-A44C-2FB0A629D4BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {FED34180-25B7-4EAD-BB57-DC18F9037D18} - System32\Tasks\{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => pcalua.exe -a "C:\Program Files\palmOne\QuickInstall.exe" -d C:\Users\Glen\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKLE.EXE :/EXE:{E3062EAB-2698-476F-8702-41D3C9FF90BE} /F:Update SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [268]
AlternateDataStreams: C:\ProgramData\TEMP:0CE7F3C9 [312]
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [232]
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2 [244]
AlternateDataStreams: C:\Users\Glen\Desktop\FRST.exe:BDU [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Automatic LiveUpdate Scheduler => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Lavasoft Ad-Aware Service => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdate => 3
MSCONFIG\Services: LiveUpdate Notice Service => 2
MSCONFIG\startupreg: Ad-Watch =>
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bdagent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
MSCONFIG\startupreg: BDRegion =>
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
MSCONFIG\startupreg: Dell PC TuneUp Startup =>
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: InstantBurn => C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut =>
MSCONFIG\startupreg: LGODDFU => "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: Monitor =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RemoteControl =>
MSCONFIG\startupreg: Symantec PIF AlertEng => "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
C:\windows\system32\Drivers\etc\hosts
Hosts:
reboot:
end




*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Windows\CurrentVersion\Run\\*sneu<*> => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60deb600-6e3c-11e3-913b-001aa08d1be6} => key removed successfully.
HKCR\CLSID\{60deb600-6e3c-11e3-913b-001aa08d1be6} => key not found.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} => key removed successfully.
HKCR\CLSID\{ddc90d2f-8f2b-11de-9f2c-001aa08d1be6} => key not found.
C:\Users\Glen\AppData\Local\1e17e\9fab6.cc1c98 => moved successfully
C:\Users\Glen\AppData\Local\1e17e => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox1 => key removed successfully.
HKCR\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox2 => key removed successfully.
HKCR\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox3 => key removed successfully.
HKCR\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox4 => key removed successfully.
HKCR\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67} => key not found.
C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe => not found.
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe => not found.
C:\Program Files\palmOne\Hotsync.exe => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}\\DhcpNameServer => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f897eb0e-a3a4-46c3-80eb-2729699d8892} => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f4c28532-b9d0-4950-a2df-e83f9929242b} => value removed successfully.
HKCR\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key removed successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DFE95E1-324C-4BF8-BDE1-266927F9598A} => key removed successfully.
HKCR\CLSID\{4DFE95E1-324C-4BF8-BDE1-266927F9598A} => key not found.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key removed successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key removed successfully.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => value removed successfully.
HKCR\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => key removed successfully.
HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} => key removed successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key removed successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000} => key removed successfully.
HKCR\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => key removed successfully.
HKCR\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => key not found.
HKCR\PROTOCOLS\Handler\ms-itss => key not found.
HKCR\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754} => key not found.
Firefox DefaultSearchEngine removed successfully.
Firefox DefaultSearchUrl removed successfully.
Firefox SearchEngineOrder.1 removed successfully.
Firefox SelectedSearchEngine removed successfully.
C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\yahoo-avast.xml => moved successfully
HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih => key removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh => key removed successfully.
C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx => moved successfully
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Google\Chrome\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh => key removed successfully.
"C:\Users\Glen\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx" => not found.
HKLM\System\CurrentControlSet\Services\CLTNetCnService => key removed successfully.
CLTNetCnService => service removed successfully.
LiveUpdate Notice Ex => service not found.
HKLM\System\CurrentControlSet\Services\stllssvr => key removed successfully.
stllssvr => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAPrivacyService => key removed successfully.
ZAPrivacyService => service removed successfully.
HKLM\System\CurrentControlSet\Services\blbdrive => key removed successfully.
blbdrive => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\klflt => key removed successfully.
klflt => service removed successfully.
HKLM\System\CurrentControlSet\Services\Lbd => key removed successfully.
Lbd => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully.
MBAMSwissArmy => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
HKLM\System\CurrentControlSet\Services\vsdatant7 => key removed successfully.
vsdatant7 => service removed successfully.
HKLM\System\CurrentControlSet\Services\XE102Mp5 => key removed successfully.
XE102Mp5 => service removed successfully.
HKLM\System\CurrentControlSet\Services\XE102Sp5 => key removed successfully.
XE102Sp5 => service removed successfully.
C:\239deb8e4b0bd0ad0d434b4b => moved successfully
C:\975cafc51b3f32eaa4bd77e09f6d1040 => moved successfully
C:\Users\Glen\AppData\Local\AvgSetupLog => moved successfully
C:\Users\Administrator\AppData\Local\Avg => moved successfully
C:\74b5dafec5ddf39806d5d11a11 => moved successfully
C:\a51f592706bbcae6374e3a720ddf => moved successfully
C:\2e35ff875d9f9e874ec13ed34c92e8 => moved successfully
C:\ProgramData\Avg => moved successfully
C:\Users\Glen\AppData\Local\Avg => moved successfully
Automatic LiveUpdate Scheduler => service not found.
"C:\Program Files\Symantec" => not found.
LiveUpdate => service not found.
C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => moved successfully
C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\ProgramData\Lavasoft => moved successfully
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{382C9F93-9BA4-4FC6-88DC-AD52F5812FF8} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{C42B23DF-334C-4AD0-9AB4-91FF53D04239} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755} => key removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000_Classes\CLSID\{f4c28532-b9d0-4950-a2df-e83f9929242b} => key removed successfully.
"C:\Program Files\Lavasoft" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17C3711D-7E21-4D2A-8FD4-80ECB19BB36C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17C3711D-7E21-4D2A-8FD4-80ECB19BB36C} => key removed successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C2BFEBB-C9B8-40EF-BA7B-D5201E63806B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C2BFEBB-C9B8-40EF-BA7B-D5201E63806B} => key removed successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{220D309F-59EE-44D4-99C7-A4063687102B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{220D309F-59EE-44D4-99C7-A4063687102B} => key removed successfully.
C:\Windows\System32\Tasks\{2028ABC9-32ED-4C06-91E9-053878041268} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2028ABC9-32ED-4C06-91E9-053878041268} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EBAC6B0-0E01-48FE-B28F-5994609B6EA9} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EBAC6B0-0E01-48FE-B28F-5994609B6EA9} => key removed successfully.
C:\Windows\System32\Tasks\{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9AF9D65-BB9E-4F69-A722-44379F8B0934} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{423C1562-2B26-44D9-9E6A-D02D256A28FF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{423C1562-2B26-44D9-9E6A-D02D256A28FF} => key removed successfully.
C:\Windows\System32\Tasks\{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1FCE3D9-EAB2-4CA3-AE11-663AAD4DFC16} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62F6A621-F6AE-464E-BE66-74793BFF7AAD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62F6A621-F6AE-464E-BE66-74793BFF7AAD} => key removed successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80603F12-8AF1-4B9A-982B-EBA598909069} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80603F12-8AF1-4B9A-982B-EBA598909069} => key removed successfully.
C:\Windows\System32\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A84A6B12-A206-4D22-9AD6-89B0AF492116} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A84A6B12-A206-4D22-9AD6-89B0AF492116} => key removed successfully.
C:\Windows\System32\Tasks\{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{82C6B9FC-0BA2-4CBF-9D00-3128DBE5866A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF06B840-555F-46B4-93DC-5D1C64A78890} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF06B840-555F-46B4-93DC-5D1C64A78890} => key removed successfully.
C:\Windows\System32\Tasks\{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E1D13D6-A0B1-4413-ADE5-58072754FAAA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFAE7C3D-6E97-4942-84D4-B3F4874AB1EB} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFAE7C3D-6E97-4942-84D4-B3F4874AB1EB} => key removed successfully.
C:\Windows\System32\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5BC98B8-08C6-42D2-A44C-2FB0A629D4BD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5BC98B8-08C6-42D2-A44C-2FB0A629D4BD} => key removed successfully.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FED34180-25B7-4EAD-BB57-DC18F9037D18} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FED34180-25B7-4EAD-BB57-DC18F9037D18} => key removed successfully.
C:\Windows\System32\Tasks\{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12BA5604-D8C7-4859-A9A9-72D73BACEE54} => key removed successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
C:\Windows\Tasks\EPSON WF-4630 Series Invitation {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => not found.
C:\Windows\Tasks\EPSON WF-4630 Series Update {E3062EAB-2698-476F-8702-41D3C9FF90BE}.job => not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully..
C:\ProgramData\TEMP => ":0CE7F3C9" ADS removed successfully..
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully..
C:\ProgramData\TEMP => "FC5A2B2" ADS removed successfully..
C:\Users\Glen\Desktop\FRST.exe => ":BDU" ADS removed successfully..
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\KL1 => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\kl2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device => key removed successfully.
HKLM\System\CurrentControlSet\Services\Apple Mobile Device => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Automatic LiveUpdate Scheduler => key removed successfully.
HKLM\System\CurrentControlSet\Services\Automatic LiveUpdate Scheduler => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service => key removed successfully.
HKLM\System\CurrentControlSet\Services\Bonjour Service => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service => key removed successfully.
HKLM\System\CurrentControlSet\Services\iPod Service => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Lavasoft Ad-Aware Service => key removed successfully.
HKLM\System\CurrentControlSet\Services\Lavasoft Ad-Aware Service => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService => key removed successfully.
HKLM\System\CurrentControlSet\Services\LightScribeService => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdate => key not found.
HKLM\System\CurrentControlSet\Services\LiveUpdate => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdate Notice Service => key removed successfully.
HKLM\System\CurrentControlSet\Services\LiveUpdate Notice Service => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Ad-Watch => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Adobe Reader Speed Launcher => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bdagent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: BDRegion => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitdefender Wallet Agent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Dell PC TuneUp Startup => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: EPLTarget => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstantBurn => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: LanguageShortcut => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LGODDFU => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Monitor => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: QuickTime Task => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: RemoteControl => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec PIF AlertEng => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender => key removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 307162914 B
Java, Flash, Steam htmlcache => 773 B
Windows/system/drivers => 941582135 B
Edge => 0 B
Chrome => 0 B
Firefox => 367889671 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33643 B
LocalService => 4640724 B
NetworkService => 5507682 B
Glen => 825319780 B
UpdatusUser => 66228 B
UpdatusUser => 0 B
Administrator => 4796833 B

RecycleBin => 36534032 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:51:44 ====

Zemana AntiMalware 2.72.2.101 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/2/22
Operating System : Windows Vista 32-bit
Processor : 2X Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
BIOS Mode : Legacy
CUID : 14EA792BCC4FE15F41C6C9
Scan Type : System Scan
Duration : 8m 44s
Scanned Objects : 55902
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Tabs Hijack (System)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = about:newtab

explorer.exe
Status : Scanned
Object : %systemroot%\explorer.exe
MD5 : D07D4C3038F3578FFCE1C0237F2A1253
Publisher : Microsoft Windows
Size : 2926592
Version : 6.0.6002.18005
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 2372 - C:\Windows\explorer.exe
File - %systemroot%\explorer.exe

explorer.exe
Status : Scanned
Object : %systemroot%\explorer.exe
MD5 : D07D4C3038F3578FFCE1C0237F2A1253
Publisher : Microsoft Windows
Size : 2926592
Version : 6.0.6002.18005
Detection : Hollow Process
Cleaning Action : Repair
Related Objects :
Process - 3484 - C:\Windows\explorer.exe
File - %systemroot%\explorer.exe

Internet Explorer Search
Status : Scanned
Object : ZoneAlarm Extreme Security Customized Web Search - http://search.conduit.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Search
Status : Scanned
Object : Yahoo! (Avast) - http://search.yahoo.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Search
Status : Scanned
Object : MyStart Search - http://mystart.smilebox.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search

Internet Explorer Search
Status : Scanned
Object : Yahoo! (Avast) - http://search.yahoo.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Search


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0

 

[clarkgriswold]

It looks like Bitdefender is still picking up the Trojan.

 

[Malnutrition]

Let's check for remnants now...

Malwarebytes AntiRootkit.



Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• 
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Poweliks Cleaner.

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.
2. Read the terms of the End-user license agreement and click Agree.
3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.

The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.

• Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log is saved to your desktop and will automatically open.
• Please post the JRT log.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Eliminate Bad Settings with this nice tool.

• Temporarily disable your antivirus
  
• Download SupRestric.exe save to your desktop.
• Close all running programs.
• Double click the file to launch it.
• Windows: 7/8/10 Vista and run as administrator
• Click Yes at any prompt.
  
• The analysis takes only a few moments.
• The report is on the desktop ( CTR.txt )
• Copy paste report in next reply.
• A reboot is needed to complete the repairs.

 

[Malnutrition]

After the above scans...
Can you screen shot the prompt from Bitdefender?
Is it now detecting the malware in the FRST quarantine folder?

 

[clarkgriswold]

Ok, all scans complete. I am currently running a fresh Bitdefender scan..please standby.

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.0 (12.05.2016)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Glen (Administrator) on Wed 02/22/2017 at 23:07:42.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Failed to delete: C:\Program Files\web assistant (Folder)
Successfully deleted: C:\end (File)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\ProgramData\1485439235.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\Start Menu\Programs\pc tune-up (Folder)
Successfully deleted: C:\Users\Glen\AppData\Local\conduit (Folder)
Successfully deleted: C:\Users\Glen\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Glen\AppData\Local\ysearchutil (Folder)
Successfully deleted: C:\Users\Glen\Appdata\LocalLow\conduit (Folder)
Successfully deleted: C:\Windows\System32\conduitengine.tmp (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08Y3SC6D (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNL4JV6U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYY2ALZ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP7M657V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08Y3SC6D (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNL4JV6U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYY2ALZ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP7M657V (Temporary Internet Files Folder)

Deleted the following from C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\prefs.js
user_pref(extensions.toolbar.mindspark.hp.enabled, false);
user_pref(extensions.toolbar.mindspark.lastInstalled, gamingwonderland@mindspark.com);



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\Web Assistant Updater (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/22/2017 at 23:09:11.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org

Database version:
main: v2017.02.23.01
rootkit: v2017.02.15.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Glen :: DESKTOP [administrator]

2/22/2017 9:27:59 PM
mbar-log-2017-02-22 (21-27-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 380439
Time elapsed: 56 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v6.043 - Logfile created 22/02/2017 at 23:15:37

# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-27.1 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Glen - DESKTOP
# Running from : C:\Users\Glen\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: Web Assistant Updater


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Glen\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Program Files\Web Assistant
[-] Folder deleted: C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2645238
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2925418
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3061355
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43e32fb4-d5e9-41a2-9ded-f0894fb21ad2}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563028cc-55f3-4678-a37a-d9b10cfb2b19}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b03ecee6-cb2f-4338-84a7-1358ac61a918}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c855d636-07b5-4dc3-82c7-a35242ea1d05}
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6ABB1C11-E261-4CEA-BBB5-3836225689DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Web Assistant
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3490785829-169181324-3712256341-1000\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Auslogics
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\W3I
[-] Key deleted: HKLM\SOFTWARE\Web Assistant
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\Extension.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4650 Bytes] - [22/02/2017 23:15:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [4645 Bytes] - [22/02/2017 23:12:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4796 Bytes] ##########

Restricted Access Control Report Pierre13 (CTR version 2.4.0.0) of 22 \ 02 \ 2017 at 23:23:03

PC of Glen
Windows Vista Home Premium Service Pack 2 (32-bit)
Repair error 2203 performed
Control presence restrictions
PC vaccinated against Java sponsor.
Windows Firewall service enabled.
Windows Firewall settings restored by default and enabled.
235 controlled restrictions.
No restrictions found.
The report is on the desktop (C: \ Users \ Glen \ Desktop \ CTR.txt)

 

[Malnutrition]

Alright, awaiting your word.

I'd like to check and see if I have missed anything, lets run a tool that looks a little deeper than FRST.

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.
2. Click the Scanner button.

When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.

 

[clarkgriswold]

Ok, here is the report. I had to play around some to get the tool to run, Bitdefender didn't like it.

~ ZHPDiag v2017.2.22.33 By Nicolas Coolman (2017/02/22)

~ Run by Glen (Administrator) (2017/02/23 08:08:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Glen\Desktop\ZHPDiag.txt
~ Report: C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
Windows VISTA, 32-bit Service Pack 2 (Build 6002) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ MFIE: Mozilla Firefox 50.1.0 (x86 en-US)
~ MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ System protection software (1) - 2s
ZoneAlarm DataLock v10.1.065.000 (Protection)

---\\ System protection software (Superfluous) (1) - 2s
~ Zemana AntiMalware v2.72.101 (Superfluous)

---\\ Surveillance software (2) - 2s
~ Adobe Flash Player 24 NPAPI (Surveillance)
~ Adobe Reader X (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3405.264 MB (27% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 10 GB () free of 171 GB : ATTENTION =>Warning Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP
~ User Name: Glen
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 10 GB free of 171 GB (System)
~ Drive D: has 29 GB free of 56 GB
~ Drive E: has 6 GB free of 10 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Search Generic System Files (23) - 5s
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - 11/04/2009 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2926592] =>.Microsoft Corporation
[MD5.4B555106290BD117334E9A08761C035A] - 02/11/2006 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [44544] =>.Microsoft Corporation
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - 19/01/2008 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [96768] =>.Microsoft Corporation
[MD5.F39B046F12E8AACA681B16F2D3CAC3BC] - 05/10/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1129984] =>.Microsoft Corporation
[MD5.898E7C06A350D4A1A64A9EA264D55452] - 11/04/2009 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [314368] =>.Microsoft Corporation
[MD5.85E861D0B88DB2B54ACB0839654C09F7] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [168448] =>.Microsoft Corporation
[MD5.4A0978779958D8FE8F5849F452BCC812] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [273408] =>.Microsoft Corporation
[MD5.9E7E85EC61D1C9C3171CC08427108863] - 09/08/2007 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [21688] =>.Microsoft Windows®
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - 19/01/2008 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [70144] =>.Microsoft Corporation
[MD5.6B4BFFB9BECD728097024276430DB314] - 10/04/2009 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [67072] =>.Microsoft Corporation
[MD5.4E428F992C64E061C9AF56CCD3F78DAE] - 08/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [79360] =>.Microsoft Corporation
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - 10/04/2009 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [561152] =>.Microsoft Corporation
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - 19/01/2008 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [54784] =>.Microsoft Corporation
[MD5.8793643A67B42CEC66490B2A0CF92D68] - 19/01/2008 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [100864] =>.Microsoft Corporation
[MD5.1B864548B2ACEC1C0BB29B615CC42978] - 08/01/2015 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [107008] =>.Microsoft Corporation
[MD5.BF84E55A9B3AD3CBAB4AAE3BE043E579] - 10/05/2016 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [185856] =>.Microsoft Corporation
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - 03/03/2013 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1082232] =>.Microsoft Windows®
[MD5.0FA9B5055484649D63C303FE404E5F4D] - 02/11/2006 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [79360] =>.Microsoft Corporation
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - 19/01/2008 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [76288] =>.Microsoft Corporation
[MD5.0245418224CFA77BF4B41C2FE0622258] - 09/08/2007 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [242688] =>.Microsoft Corporation
[MD5.7B75299A4D201D6A6533603D6914AB04] - 10/04/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [66560] =>.Microsoft Corporation
[MD5.EC565DFA3D9C45D8083B72DEC5B33710] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [72192] =>.Microsoft Corporation
[MD5.786DB5771F05EF300390399F626BF30A] - 21/08/2012 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [224640] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (12) - 5s
O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\Windows\System32\AERTSrv.exe =>.Andrea Electronics Corporation
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe =>.WIBU-SYSTEMS AG®
O23 - Service: Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation - Epson Scanner Service (32bit).) - C:\Windows\System32\escsvc.exe =>.SEIKO EPSON Corporation®
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe =>.Intel Corporation®
O23 - Service: (Net Driver HPZ12) . (.Hewlett-Packard - Dot4Net Module.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) - C:\Windows\System32\nvvsvc.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe =>.NVIDIA Corporation®
O23 - Service: (Pml Driver HPZ12) . (.Hewlett-Packard - PmlDrv Module.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) . (.Bitdefender - Bitdefender Update Service.) - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe =>.Bitdefender SRL®
O23 - Service: Bitdefender Virus Shield (VSSERV) . (.Bitdefender - Bitdefender Security Service.) - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe =>.Bitdefender SRL®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

---\\ Services not Microsoft (SR=Run, SS=Stop) (18) - 28s
SS - Demand [14/09/2015] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [14/02/2017] [ 270936] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SR - Auto [05/12/2007] [ 77824] Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AERTSrv.exe =>.Andrea Electronics Corporation
SS - Demand [09/12/2014] [ 69880] Bitdefender Desktop Parental Control (BdDesktopParental) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe =>.Bitdefender SRL®
SR - Auto [27/11/2013] [ 3105144] CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe =>.WIBU-SYSTEMS AG®
SR - Auto [17/05/2012] [ 126128] Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\System32\escsvc.exe =>.SEIKO EPSON Corporation®
SS - Demand [22/03/2010] [ 68000] C:\Program Files\NOS\bin\getPlus_Helper.dll (getPlusHelper) . (.NOS Microsystems Ltd..) - C:\Program Files\NOS\bin\getPlus_Helper.dll =>.Adobe Systems Incorporated®
SR - Auto [21/03/2007] [ 355096] Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe =>.Intel Corporation®
SS - Demand [03/04/2005] [ 69632] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe =>.Macrovision Corporation
SR - Auto [06/08/2010] [ 44032] (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
SR - Auto [18/01/2013] [ 639776] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe =>.NVIDIA Corporation®
SS - Auto [25/02/2013] [ 1260320] NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe =>.NVIDIA Corporation®
SR - Auto [06/08/2010] [ 53760] (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
SS - Disabl [08/07/2013] [ 81704] SafeBox (SafeBox) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe =>.Bitdefender SRL®
SR - Auto [18/01/2013] [ 383264] NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe =>.NVIDIA Corporation®
SR - Auto [27/10/2014] [ 54424] Bitdefender Desktop Update Service (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe =>.Bitdefender SRL®
SR - Auto [31/01/2017] [ 1335176] Bitdefender Virus Shield (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe =>.Bitdefender SRL®
SR - Auto [02/02/2017] [14416624] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®

---\\ Auto loading programs from Registry and folders (20) - 0s
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor
O4 - HKLM\..\Run: [ISUSScheduler] . (.Macrovision Corporation - Macrovision FLEXnet Connect Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe =>.Macrovision Corporation
O4 - HKLM\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - Macrovision FLEXnet Connect Software Manage.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe =>.Macrovision Corporation
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe =>.Intel Corporation®
O4 - HKLM\..\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe =>.SEIKO EPSON CORPORATION®
O4 - HKLM\..\Run: [FUFAXRCV] . (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe =>.SEIKO EPSON CORPORATION®
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe =>.SEIKO EPSON CORPORATION®
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems, Incorporated®
O4 - HKLM\..\Run: [Bdagent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe =>.Bitdefender SRL®
O4 - HKLM\..\Run: [ZAM] . (.Copyright 2017. - ZAM.) -- C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\wmpnscfg.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe =>.Bitdefender SRL®
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3490785829-169181324-3712256341-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Windows Media Player Network Sharing Servic.) -- C:\Program Files\Windows Media Player\wmpnscfg.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3490785829-169181324-3712256341-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3490785829-169181324-3712256341-1000\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe =>.Bitdefender SRL®

---\\ Process running (26) - 2s
[MD5.61385EF23C1E18D606A975DB8D6B10E3] - (.Bitdefender - Bitdefender Security Service.) -- C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1335176] [PID.1004] =>.Bitdefender SRL®
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\System32\nvvsvc.exe [639776] [PID.1284] =>.NVIDIA Corporation®
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1296] =>.NVIDIA Corporation®
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1844] =>.NVIDIA Corporation®
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\System32\nvvsvc.exe [639776] [PID.1856] =>.NVIDIA Corporation®
[MD5.330A1E4DF07C2E29949ED8631CD8828E] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\AERTSrv.exe [77824] [PID.2796] =>.Andrea Electronics Corporation
[MD5.B503285B5D1CAC5AE445D60C690DCFF9] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4907008] [PID.2804] =>.Realtek Semiconductor
[MD5.B538590B338F5379D4B33E266902008B] - (.Seiko Epson Corporation - Epson Scanner Service (32bit).) -- C:\Windows\System32\escsvc.exe [126128] [PID.2840] =>.SEIKO EPSON Corporation®
[MD5.FF3BF05021BFECC92DB81B8257EEB026] - (.Macrovision Corporation - Macrovision FLEXnet Connect Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.2848] =>.Macrovision Corporation
[MD5.AE38A12F79A4980DDB88F36514F8A1DA] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [355096] [PID.2892] =>.Intel Corporation®
[MD5.F371C6DF9A810EF2E6E4FA60ACBB5C33] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.2944] =>.Intel Corporation®
[MD5.C039D1E17B08CC50AA919452A6DFF7BD] - (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe [863848] [PID.2988] =>.SEIKO EPSON CORPORATION®
[MD5.494AB1A80F7BBF60D79116E4EEB86C71] - (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe [642664] [PID.3024] =>.SEIKO EPSON CORPORATION®
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.3068] =>.NVIDIA Corporation®
[MD5.4ABA86D5B0D440F33BDBDBDAEA065C42] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe [1065024] [PID.3084] =>.SEIKO EPSON CORPORATION®
[MD5.F2C614240A6D97EE36110D7268D467AE] - (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1865664] [PID.3176] =>.Bitdefender SRL®
[MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) -- C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624] [PID.3184] =>.Zemana Ltd.®
[MD5.D226EFE06C8AD16423E40898E43FC53F] - (.Bitdefender - Bitdefender Update Service.) -- C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424] [PID.3232] =>.Bitdefender SRL®
[MD5.F14F474ACC5C1103FA79104B10AA3AA2] - (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [687864] [PID.3248] =>.Bitdefender SRL®
[MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) -- C:\Program Files\Zemana AntiMalware\ZAM.exe [14416624] [PID.3608] =>.Zemana Ltd.®
[MD5.F97961FD74E83E3E96DB45B69B33B157] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3105144] [PID.3924] =>.WIBU-SYSTEMS AG®
[MD5.CBFEC9262A5E30AD9302C7591D2ABC99] - (.PIXELA CORPORATION - .) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [253952] [PID.3968] =>.PIXELA CORPORATION
[MD5.7271ED4A16F4166E13EE9FF73FA7A887] - (...) -- C:\Program Files\USB Sharing\usbshare.exe [139264] [PID.3976]
[MD5.2EF2B10E5F65FB054D2D54BDA54D230B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [517576] [PID.940] =>.Mozilla Corporation®
[MD5.2EF2B10E5F65FB054D2D54BDA54D230B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [517576] [PID.3852] =>.Mozilla Corporation®
[MD5.C591EEEC3B25AAEA3842521219F6646B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Glen\Desktop\test\ZHPDiag3.exe [2699264] [PID.3796] =>.Nicolas Coolman

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (4) - 1s
M0 - MFSP: prefs.js [Glen - pooixovy.default-1413691062373] http://duckduckgo.com/
P2 - EXT FILE: (...) -- C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\pooixovy.default-1413691062373\searchplugins\duckduckgo.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_24_0_0_221.dll =>.Adobe Systems Incorporated
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll =>.Apple Inc.

---\\ Internet Explorer Extensions, Start, Search (10) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ =>.Yahoo! Inc.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0

---\\ Internet Explorer, Proxy Management (6) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies []

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 1s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (1)

---\\ Global shortcuts Startup (107) - 6s
O4 - GS\Desktop [Administrator]: Dell DataSafe.lnk . (...) C:\DELL\DataSafe\DataSafe.htm
O4 - GS\Desktop [Administrator]: My DocsToGo.lnk . (...) C:\Users\Glen\Documents\My DocsToGo
O4 - GS\Desktop [Administrator]: Sling.lnk . (...) C:\ProgramData\Sling\Sling.exe
O4 - GS\Desktop [Administrator]: USB Sharing.lnk . (...) C:\Program Files\USB Sharing\usbshare.exe
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: iTunes (2).lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
O4 - GS\Quicklaunch [Administrator]: Microsoft Office Excel 2003.lnk . (...) C:\Windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Administrator]: Microsoft Office Word 2003.lnk . (...) C:\Windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Quicklaunch [Administrator]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Drag-to-Disc Drive (F).lnk . (...) F:\
O4 - GS\sendTo [Administrator]: Drag-to-Disc Drive (G).lnk . (...) G:\
O4 - GS\sendTo [Administrator]: InstantBurn CD (F).Lnk . (...) F:\
O4 - GS\sendTo [Administrator]: InstantBurn CD (G).Lnk . (...) G:\
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Windows Vista Upgrade Advisor.lnk . (...) C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{E0EB8881-0CFE-4375-8782-8807D258CD7C}\_294823.exe
O4 - GS\Desktop [Glen]: Dell DataSafe.lnk . (...) C:\DELL\DataSafe\DataSafe.htm
O4 - GS\Desktop [Glen]: My DocsToGo.lnk . (...) C:\Users\Glen\Documents\My DocsToGo
O4 - GS\Desktop [Glen]: Sling.lnk . (...) C:\ProgramData\Sling\Sling.exe
O4 - GS\Desktop [Glen]: USB Sharing.lnk . (...) C:\Program Files\USB Sharing\usbshare.exe
O4 - GS\Desktop [Glen]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Glen]: iTunes (2).lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
O4 - GS\Quicklaunch [Glen]: Microsoft Office Excel 2003.lnk . (...) C:\Windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Glen]: Microsoft Office Word 2003.lnk . (...) C:\Windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Glen]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Quicklaunch [Glen]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\sendTo [Glen]: Drag-to-Disc Drive (F).lnk . (...) F:\
O4 - GS\sendTo [Glen]: Drag-to-Disc Drive (G).lnk . (...) G:\
O4 - GS\sendTo [Glen]: InstantBurn CD (F).Lnk . (...) F:\
O4 - GS\sendTo [Glen]: InstantBurn CD (G).Lnk . (...) G:\
O4 - GS\Programs [Glen]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Glen]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Programs [Glen]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Glen]: Windows Vista Upgrade Advisor.lnk . (...) C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{E0EB8881-0CFE-4375-8782-8807D258CD7C}\_294823.exe
O4 - GS\Desktop [Guest]: Dell DataSafe.lnk . (...) C:\DELL\DataSafe\DataSafe.htm
O4 - GS\Desktop [Guest]: My DocsToGo.lnk . (...) C:\Users\Glen\Documents\My DocsToGo
O4 - GS\Desktop [Guest]: Sling.lnk . (...) C:\ProgramData\Sling\Sling.exe
O4 - GS\Desktop [Guest]: USB Sharing.lnk . (...) C:\Program Files\USB Sharing\usbshare.exe
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Glen\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: iTunes (2).lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
O4 - GS\Quicklaunch [Guest]: Microsoft Office Excel 2003.lnk . (...) C:\Windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Guest]: Microsoft Office Word 2003.lnk . (...) C:\Windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe =>.Microsoft Corporation
O4 - GS\Quicklaunch [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Quicklaunch [Guest]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Drag-to-Disc Drive (F).lnk . (...) F:\
O4 - GS\sendTo [Guest]: Drag-to-Disc Drive (G).lnk . (...) G:\
O4 - GS\sendTo [Guest]: InstantBurn CD (F).Lnk . (...) F:\
O4 - GS\sendTo [Guest]: InstantBurn CD (G).Lnk . (...) G:\
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Windows Vista Upgrade Advisor.lnk . (...) C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{E0EB8881-0CFE-4375-8782-8807D258CD7C}\_294823.exe
O4 - GS\CommonDesktop [Public]: Bitdefender Total Security 2015.lnk . (.Bitdefender - Bitdefender Security Center.) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe =>.Bitdefender SRL®
O4 - GS\CommonDesktop [Public]: Documents To Go Desktop for iOS.lnk . (.DataViz, Inc. - Documents To Go Desktop.) C:\Program Files\Documents To Go Desktop\DocsToGoDesktop.exe =>.DataViz, Inc.
O4 - GS\CommonDesktop [Public]: Documents To Go Desktop.lnk . (.DataViz, Inc. - Documents To Go Desktop.) C:\Program Files\Documents To Go Desktop\DocsToGoDesktop.exe =>.DataViz, Inc.
O4 - GS\CommonDesktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) C:\Windows\twain_32\escndv\escndv.exe =>.SEIKO EPSON CORPORATION®
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Copyright 2017. - ZAM.) C:\Program Files\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Programs [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Public]: Windows Vista Upgrade Advisor.lnk . (...) C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{E0EB8881-0CFE-4375-8782-8807D258CD7C}\_294823.exe
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\System32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\System32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\Startup [Public]: APC UPS Status.lnk . (...) C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - GS\Startup [Public]: DataViz Inc Messenger.lnk . (...) C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - GS\Startup [Public]: HotSync Manager.lnk . (...) C:\Program Files\palmOne\Hotsync.exe
O4 - GS\Startup [Public]: ImageMixer 3 SE Camera Monitor Ver.3.lnk . (.PIXELA CORPORATION - .) C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe =>.PIXELA CORPORATION
O4 - GS\Startup [Public]: USB Sharing.lnk . (...) C:\Program Files\USB Sharing\usbshare.exe
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\System32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\System32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\System32\NetProj.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\System32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\System32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Sidebar.) C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\System32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\Windows\System32\control.exe /name Microsoft.WelcomeCenter =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Backup.lnk . (.Microsoft Corporation - Microsoft® Windows Backup.) C:\Windows\System32\sdclt.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\System32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\System32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\System32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: migwiz.lnk . (.Microsoft Corporation - Windows Easy Transfer.) C:\Windows\System32\migwiz\migwiz.exe =>.Microsoft Windows®
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\System32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\System32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\System32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Acrobat_com.lnk . (...) C:\Program Files\Adobe\Acrobat_com\Acrobat_com.exe
O4 - GS\ProgramsCommon [Public]: Adobe Reader X.lnk . (...) C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico =>.Adobe Inc.
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (...) C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Microsoft Office PowerPoint Viewer 2003.lnk . (.Microsoft Corporation - Microsoft Office PowerPoint Viewer.) C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Microsoft Works Task Launcher.lnk . (.Microsoft® Corporation - Microsoft® Works.) C:\Program Files\Microsoft Works\MSWorks.exe =>.Microsoft® Corporation
O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Calendar.lnk . (.Microsoft Corporation - Windows Calendar.) C:\Program Files\Windows Calendar\WinCal.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Collaboration.lnk . (.Microsoft Corporation - Windows Meeting Space.) C:\Program Files\Windows Collaboration\WinCollab.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Contacts.lnk . (.Microsoft Corporation - Windows Contacts.) C:\Program Files\Windows Mail\wab.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Defender.lnk . (.Microsoft Corporation - Windows Defender User Interface.) C:\Program Files\Windows Defender\MSASCui.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - Windows DVD Maker.) C:\Program Files\Movie Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Live ID.lnk . (.Microsoft Corporation - Sign in Options.) C:\Program Files\Common Files\microsoft shared\Windows Live\SIGNINOPTIONS.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) C:\Program Files\Movie Maker\MOVIEMK.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Photo Gallery.lnk . (.Microsoft Corporation - Windows Photo Gallery.) C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (4) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = frontier.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.110.4.175 =>.Private IP
O17 - HKLM\System\CCS\Services\Tcpip\..\{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: DhcpNameServer = 10.110.4.175 =>.Private IP (10.0.0.0 - 10.255.255.255) =>.Private IP
O17 - HKLM\System\CCS\Services\Tcpip\..\{98C63B37-7ECC-43D4-AA4D-322215D7E7A2}: DhcpDomain = frontier.com

---\\ Extra protocols (24) - 1s
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll =>.Microsoft Corporation
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) -- C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL =>.Microsoft Corporation®
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL =>.Microsoft Corporation®
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL =>.Microsoft Corporation®

---\\ Software installed (101) - 18s
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {A80FA752-C491-4ED9-ABF0-4278563160B2} =>.Hewlett-Packard
O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM] -- {6421F085-1FAA-DE13-D02A-CFB412C522A4} =>.Adobe Systems Incorporated
O42 - Logiciel: Acrobat.com - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {31B9D218-FED2-4C6C-B19F-7294FFC130B0} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Download Manager - (.NOS Microsystems Ltd..) [HKLM] -- {E2883E8F-472F-4fb0-9522-AC9BF37916A7} =>.NOS Microsystems Ltd.
O42 - Logiciel: Adobe Flash Player 24 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 24 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Reader X (10.1.16) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AA1000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824157129} =>.Adobe Systems Incorporated
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai =>.Superfluous.AkamaiHD
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM] -- {AFA1153A-F547-409B-B837-3A0D6C5A3FEC} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {A75CA58D-DB9C-4D14-9428-E0C7B0F623DC} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF} =>.Apple Inc.
O42 - Logiciel: AviSynth 2.5 - (.Ben Rudiak-Gold.) [HKLM] -- AviSynth
O42 - Logiciel: BD/HD Advisor 1.0 - (..) [HKLM] -- {2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}
O42 - Logiciel: Bitdefender Total Security 2015 - (.Bitdefender.) [HKLM] -- Bitdefender =>.Bitdefender SRL®
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {79155F2B-9895-49D7-8612-D92580E0DE5B} =>.Apple Inc.
O42 - Logiciel: bpd_scan - (.Hewlett-Packard.) [HKLM] -- {3D73DC7A-2D1D-45CF-8A67-24873925C716} =>.Hewlett-Packard
O42 - Logiciel: Canon RAW Image Task for ZoomBrowser EX - (.Canon Inc..) [HKLM] -- RAW Image Task =>.Canon Inc.®
O42 - Logiciel: Canon Utilities CameraWindow - (.Canon Inc..) [HKLM] -- CameraWindowLauncher =>.Canon Inc.®
O42 - Logiciel: Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX - (.Canon Inc..) [HKLM] -- CameraWindowDVC6 =>.Canon Inc.®
O42 - Logiciel: Canon Utilities MyCamera - (.Canon Inc..) [HKLM] -- MyCamera =>.Canon Inc.®
O42 - Logiciel: Canon Utilities RemoteCapture Task for ZoomBrowser EX - (.Canon Inc..) [HKLM] -- RemoteCaptureTask =>.Canon Inc.®
O42 - Logiciel: Canon Utilities ZoomBrowser EX - (.Canon Inc..) [HKLM] -- ZoomBrowser EX =>.Canon Inc.®
O42 - Logiciel: Canon ZoomBrowser EX Memory Card Utility - (.Canon Inc..) [HKLM] -- ZoomBrowser EX Memory Card Utility =>.Canon Inc.®
O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: CyberLink InstantBurn - (..) [HKLM] -- {19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}
O42 - Logiciel: Dell DataSafe - (.Dell Inc..) [HKLM] -- {DF68383B-A940-4ABD-87FF-1D969F2B938B} =>.Dell Inc.
O42 - Logiciel: Dell System Customization Wizard - (.Dell Inc..) [HKLM] -- {13BA7B44-B712-4DEE-A7B8-1DD564F37AE5} =>.Dell Inc.
O42 - Logiciel: Document Capture Pro - (.Seiko Epson Corporation.) [HKLM] -- {C75B4983-D3A7-4D0A-8B1A-7BC4F2044F37} =>.Seiko Epson Corporation
O42 - Logiciel: Documents To Go Desktop for iOS - (.DataViz, Inc..) [HKLM] -- DTGDesktop =>.DataViz, Inc.
O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink_is1 =>.DVD Shrink
O42 - Logiciel: Epson Event Manager - (.Seiko Epson Corporation.) [HKLM] -- {E4631929-CBD3-49A1-9BB7-F36E701F7C34} =>.Seiko Epson Corporation
O42 - Logiciel: Epson FAX Utility - (.SEIKO EPSON CORPORATION.) [HKLM] -- {0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A} =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: Epson PC-FAX Driver - (.Epson/Seico.) [HKLM] -- EPSON PC-FAX Driver 2 =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM] -- EPSON Scanner =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: EPSON Scan OCR Component - (.SEIKO EPSON Corp..) [HKLM] -- {563B99D8-8895-4E3E-AE8D-15BE8C05F1C1} =>.Macrovision Corporation®
O42 - Logiciel: EPSON Scan PDF Extensions - (.SEIKO EPSON Corp..) [HKLM] -- {F9956472-6E16-4F83-BF9A-F887EF4A45B7} =>.Macrovision Corporation®
O42 - Logiciel: EPSON WF-4630 Series Printer Uninstall - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON WF-4630 Series =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: Epson WF-4630 User’s Guide version 1.0 - (.Epson/Seico.) [HKLM] -- UsersGuideEpson WF-4630 User’s Guide_is1 =>.Epson America, Inc.®
O42 - Logiciel: EpsonNet Print - (.SEIKO EPSON CORPORATION.) [HKLM] -- {3E31400D-274E-4647-916C-2CACC3741799} =>.Seiko Epson Corporation
O42 - Logiciel: Hi-Def Suite - (.CyberLink Corporation.) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} =>.CyberLink Corporation
O42 - Logiciel: HPDiagnosticAlert - (.Microsoft.) [HKLM] -- {846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE} =>.Microsoft
O42 - Logiciel: ImageMixer 3 SE Ver.3 - (.PIXELA.) [HKLM] -- {3A95D49D-0076-4DB7-A91E-0E685DC6D6AD} =>.PIXELA
O42 - Logiciel: ImagXpress - (.Nero AG.) [HKLM] -- {A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D} =>.Nero AG
O42 - Logiciel: Intel(R) Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} =>.Intel Corporation
O42 - Logiciel: Intel(R) PRO Network Connections 12.1.11.0 - (.Intel.) [HKLM] -- {777CA40C-0206-4EF6-A0FC-618BF06BF8D0} =>.Intel
O42 - Logiciel: Intel(R) PRO Network Connections 12.1.11.0 - (.Intel.) [HKLM] -- PROSetDX =>.Intel
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {868B9974-4F23-494D-B6BC-4FAB92B2755D} =>.Apple Inc.
O42 - Logiciel: Java 8 Update 121 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F32180121F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Java(TM) SE Runtime Environment 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160000} =>.Sun Microsystems, Inc.
O42 - Logiciel: LG ODD Auto Firmware Update - (..) [HKLM] -- {6179550A-3E7C-499E-BCC9-9E8113E0A285}
O42 - Logiciel: MediaFACE II - (..) [HKLM] -- {DC1D7AD2-583A-4024-9041-387E8FFA5D8C}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Windows Vista Upgrade Advisor - (.Microsoft.) [HKLM] -- {E0EB8881-0CFE-4375-8782-8807D258CD7C} =>.Microsoft
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {6D52C408-B09A-4520-9B18-475B81D393F1} =>.Microsoft Corporation
O42 - Logiciel: MobileMe Control Panel - (.Apple Inc..) [HKLM] -- {779DECD7-E072-4B56-9B6B-BEB5973EEEB5} =>.Apple Inc.
O42 - Logiciel: Mozilla Firefox 50.1.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 50.1.0 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: MSVCSetup - (.HP.) [HKLM] -- {3700194C-C5DD-439A-BE06-A66960CA4C70} =>.HP
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F} =>.Microsoft Corporation
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF} =>.Microsoft Corporation
O42 - Logiciel: MSXML 4.0 SP2 (KB941833) - (.Microsoft Corporation.) [HKLM] -- {C523D256-313D-4866-B36A-F3DE528246EF} =>.Microsoft Corporation
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} =>.Microsoft Corporation
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} =>.Microsoft Corporation
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} =>.Nero AG
O42 - Logiciel: NVIDIA 3D Vision Controller Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIA StereoUSB Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 296.10 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA 3D Vision Driver 311.06 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 311.06 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Graphics Driver 311.06 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.12.0213 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Update 1.11.3 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Components - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update =>.NVIDIA Corporation
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18} =>.Microsoft Corporation
O42 - Logiciel: Product Documentation Launcher - (.Dell Inc..) [HKLM] -- {89CEAE14-DD0F-448E-9554-15781EC9DB24} =>.Dell Inc.
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.
O42 - Logiciel: Recover My Files - (.GetData Pty Ltd.) [HKLM] -- Recover My Files v5_is1 =>.GetData Pty Ltd
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} =>.Microsoft Corporation
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906 =>.Microsoft Corporation
O42 - Logiciel: Sling - (.Echostar.) [HKLM] -- {A0C306FE-01A5-4B94-A037-EF5403F8CE41} =>.Echostar
O42 - Logiciel: Software Updater - (.SEIKO EPSON CORPORATION.) [HKLM] -- {8DBC5A0A-31C4-46C7-B252-6B593EA11A87} =>.Seiko Epson Corporation
O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] -- {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} =>.Sonic Solutions
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-5464-3428-800000000003} =>.Adobe Systems
O42 - Logiciel: System Requirements Lab - (.System Requirements Lab.) [HKLM] -- SystemRequirementsLab
O42 - Logiciel: USB Sharing - (..) [HKLM] -- {25BDEE44-A62C-4DCE-9635-2D1646E2B663}
O42 - Logiciel: User's Guides - (..) [HKLM] -- {5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}
O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] -- {02E89EFC-7B07-4D5A-AA03-9EC0902914EE} =>.Check Point Software Technologies LTD
O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] -- {A040AC77-C1AA-4CC9-8931-9F648AF178F6} =>.Check Point Software Technologies LTD
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27} =>.Microsoft Corporation
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 =>.Microsoft Corporation
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VTech Download Agent Library - (.VTech.) [HKLM] -- {40C4903E-EDFB-4CAE-A611-41FEBA585921} =>.VTech
O42 - Logiciel: WinRAR archiver - (.RarLab.) [HKLM] -- WinRAR archiver =>.RarLab
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.
O42 - Logiciel: ZoneAlarm DataLock - (.Check Point Software Technologies Ltd..) [HKLM] -- {C03C1C9C-D95F-4D29-A994-967CE049FCC7} =>.Check Point Software Technologies Ltd.

---\\ HKCU & HKLM Software Keys (191) - 18s
HKLM\SOFTWARE\<company>
HKLM\SOFTWARE\Acudata
HKLM\SOFTWARE\Adobe =>.Adobe
HKLM\SOFTWARE\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Ahead =>.Ahead
HKLM\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKLM\SOFTWARE\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\ATI Technologies =>.ATI Technologies
HKLM\SOFTWARE\Audible =>.Audible.com
HKLM\SOFTWARE\AVC3
HKLM\SOFTWARE\AVG =>.AVG Software
HKLM\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
HKLM\SOFTWARE\AviSynth =>.Ben Rudiak-Gold
HKLM\SOFTWARE\BAE =>.Dell Inc.
HKLM\SOFTWARE\BitDefender =>.Bitdefender
HKLM\SOFTWARE\Bitdefender SafeBox =>.Bitdefender
HKLM\SOFTWARE\Canon =>.Canon
HKLM\SOFTWARE\Canon_Inc_IC =>.Canon Inc.
HKLM\SOFTWARE\CDDB =>.Cddb Software
HKLM\SOFTWARE\CheckPoint =>.CheckPoint
HKLM\SOFTWARE\Citrix =>.Citrix
HKLM\SOFTWARE\CyberLink =>.CyberLink Corporation
HKLM\SOFTWARE\DataViz
HKLM\SOFTWARE\Dell =>.Dell
HKLM\SOFTWARE\Dell Computer =>.Dell Inc.
HKLM\SOFTWARE\DIOC
HKLM\SOFTWARE\DVDFab =>.Fengtao
HKLM\SOFTWARE\eFilm Medical
HKLM\SOFTWARE\EPSON =>.EPSON
HKLM\SOFTWARE\EpsonNet =>.Epson/Seico
HKLM\SOFTWARE\Fellowes/NEATO LLC
HKLM\SOFTWARE\Garmin =>.Garmin Ltd
HKLM\SOFTWARE\GEAR Software =>.GEAR Software
HKLM\SOFTWARE\Google =>.Google
HKLM\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKLM\SOFTWARE\IncrediMail =>.IncrediMail
HKLM\SOFTWARE\InstallShield =>.InstallShield
HKLM\SOFTWARE\Intel =>.Intel
HKLM\SOFTWARE\iolo =>.Iolo Technologies
HKLM\SOFTWARE\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\KasperskyLab =>.Kaspersky Labs
HKLM\SOFTWARE\Khronos =>.Khronos
HKLM\SOFTWARE\Lake =>.Lake Sofware
HKLM\SOFTWARE\Large Software =>.Large Software
HKLM\SOFTWARE\Lavasoft =>.Lavasoft
HKLM\SOFTWARE\LeapFrog =>.LeapFrog
HKLM\SOFTWARE\LG Electronics =>.LG Electronics
HKLM\SOFTWARE\Licenses =>.Microsoft Corporation
HKLM\SOFTWARE\LightScribe =>.LightScribe
HKLM\SOFTWARE\Macromedia =>.Macromedia
HKLM\SOFTWARE\Malwarebytes Anti-Rootkit =>.Malwarebytes
HKLM\SOFTWARE\Malwarebytes' Anti-Malware =>.Malwarebytes' Anti-Malware
HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
HKLM\SOFTWARE\mcafeeupdater =>.McAfee Inc.
HKLM\SOFTWARE\MicroQuill =>.MicroQuill Software
HKLM\SOFTWARE\MimarSinan =>.Mimar Sinan
HKLM\SOFTWARE\Mozilla =>.Mozilla
HKLM\SOFTWARE\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\MyFunCards_5mEI =>PUP.Optional.MyWebSearch
HKLM\SOFTWARE\Nero =>.Ahead Corporation
HKLM\SOFTWARE\NOS
HKLM\SOFTWARE\Nullsoft =>.Nullsoft
HKLM\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\PalmSource =>.PalmSource
HKLM\SOFTWARE\PCTools
HKLM\SOFTWARE\Persits Software =>.Persits Software
HKLM\SOFTWARE\PIXELA =>.PIXELA
HKLM\SOFTWARE\Pocket Soft
HKLM\SOFTWARE\PocketSoft
HKLM\SOFTWARE\propecfm
HKLM\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKLM\SOFTWARE\ROBLOX Corporation =>.Roblox Corporation
HKLM\SOFTWARE\Roxio =>.Roxio
HKLM\SOFTWARE\SEIKO EPSON Corp. =>.SEIKO EPSON CORP.
HKLM\SOFTWARE\SEIKO EPSON CORPORATION =>.Seiko Epson Corporation
HKLM\SOFTWARE\Sonic =>.Sonic
HKLM\SOFTWARE\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Symantec =>.Symantec
HKLM\SOFTWARE\SymDebug =>.Symantec Corporation
HKLM\SOFTWARE\SystemRequirementsLab =>.System Requirements Lab
HKLM\SOFTWARE\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\WholeSecurity =>.WholeSecurity Inc
HKLM\SOFTWARE\WIBU-SYSTEMS =>.Wibu-Systems
HKLM\SOFTWARE\Windows =>.Microsoft Corporation
HKLM\SOFTWARE\Wondershare =>.Wondershare
HKLM\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Yahoo =>.Yahoo! Inc.
HKLM\SOFTWARE\Your Company Name =>.Your Company Name
HKLM\SOFTWARE\Zemana =>.Zemana
HKLM\SOFTWARE\ZmnGlobalSDK =>.Zemana Ltd
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
HKCU\SOFTWARE\APC
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\ASProtect =>.ASPack Software
HKCU\SOFTWARE\AVG =>.AVG Software
HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
HKCU\SOFTWARE\Bitdefender =>.Bitdefender
HKCU\SOFTWARE\Canon =>.Canon
HKCU\SOFTWARE\Canon_Inc_IC =>.Canon Inc.
HKCU\SOFTWARE\CDDB =>.Cddb Software
HKCU\SOFTWARE\CheckPoint =>.CheckPoint
HKCU\SOFTWARE\Citrix =>.Citrix
HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
HKCU\SOFTWARE\DataViz
HKCU\SOFTWARE\DatCard
HKCU\SOFTWARE\DVD Shrink =>.DVD Shrink
HKCU\SOFTWARE\DVDFab =>.Fengtao
HKCU\SOFTWARE\Echostar =>.Echostar
HKCU\SOFTWARE\EffectMgr =>.Legitimate
HKCU\SOFTWARE\eFilm Medical
HKCU\SOFTWARE\Epson =>.EPSON
HKCU\SOFTWARE\EPSON Software Updater =>.Epson/Seico
HKCU\SOFTWARE\ESET =>.ESET
HKCU\SOFTWARE\Fellowes/NEATO LLC.
HKCU\SOFTWARE\Garmin =>.Garmin Ltd
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\GetData =>.GetData
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\GTek
HKCU\SOFTWARE\Haali =>.Haali Media
HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKCU\SOFTWARE\HP =>.HP
HKCU\SOFTWARE\I.R.I.S. =>.I.R.I.S.
HKCU\SOFTWARE\IM =>Adware.InstallCore
HKCU\SOFTWARE\IncrediMail =>.IncrediMail
HKCU\SOFTWARE\InstallShield =>.InstallShield
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\iolo =>.Iolo Technologies
HKCU\SOFTWARE\Iris =>.I.R.I.S.
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\keyhole.com
HKCU\SOFTWARE\Lake =>.Lake Sofware
HKCU\SOFTWARE\Large Software =>.Large Software
HKCU\SOFTWARE\Lavasoft =>.Lavasoft
HKCU\SOFTWARE\Leadertech =>.Leadertech Systems
HKCU\SOFTWARE\Licenses =>.Microsoft Corporation
HKCU\SOFTWARE\LightScribe =>.LightScribe
HKCU\SOFTWARE\Local AppWizard-Generated Applications =>.ZWCAD
HKCU\SOFTWARE\LogMeIn =>.LogMeIn Entreprise
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\McAfee =>.McAfee Inc.
HKCU\SOFTWARE\MicroVision =>.MicroVision Developement
HKCU\SOFTWARE\MoveNetworks
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\NDS
HKCU\SOFTWARE\Nero =>.Ahead Corporation
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\PCTuneUp =>.NNJ Corporation
HKCU\SOFTWARE\PIXELA =>.PIXELA
HKCU\SOFTWARE\propecfm
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\Roblox =>.ROBLOX
HKCU\SOFTWARE\ROBLOX Corporation =>.Roblox Corporation
HKCU\SOFTWARE\Roxio =>.Roxio
HKCU\SOFTWARE\Sammsoft
HKCU\SOFTWARE\SecureMedia
HKCU\SOFTWARE\SEIKO EPSON CORPORATION =>.Seiko Epson Corporation
HKCU\SOFTWARE\SlySoft =>.SlySoft
HKCU\SOFTWARE\Sonic =>.Sonic
HKCU\SOFTWARE\Sonic Solutions =>.Sonic Solutions
HKCU\SOFTWARE\SupportSoft =>.SupportSoft
HKCU\SOFTWARE\Symantec =>.Symantec
HKCU\SOFTWARE\Totem =>.Superfluous.VirtualGirl
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\TuneUp =>.TuneUp
HKCU\SOFTWARE\Vso =>.VSO Software
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wondershare =>.Wondershare
HKCU\SOFTWARE\WSSE
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\Zone Labs =>.Zone Labs
HKCU\SOFTWARE\AppDataLow\Aurigma =>.Aurigma
HKCU\SOFTWARE\AppDataLow\ISWVolatile =>.Legitimate
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Smartbar =>PUP.Optional.QuickShare
HKCU\SOFTWARE\AppDataLow\Software\temp
HKCU\SOFTWARE\AppDataLow\Software\Yahoo =>.Yahoo! Inc.

---\\ Contents of the Common Files folders (291) - 13s
O43 - CFD: 28/03/2015 - [] D -- C:\Program Files\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 14/02/2016 - [] D -- C:\Program Files\Apple Software Update =>.Apple Inc.
O43 - CFD: 03/10/2010 - [] D -- C:\Program Files\AviSynth 2.5 =>.AviSynth
O43 - CFD: 09/08/2007 - [] D -- C:\Program Files\BAE
O43 - CFD: 26/01/2017 - [] D -- C:\Program Files\Bitdefender =>.Bitdefender
O43 - CFD: 15/10/2011 - [] D -- C:\Program Files\Bonjour =>.Apple Inc.
O43 - CFD: 06/09/2008 - [] D -- C:\Program Files\Canon =>.Canon
O43 - CFD: 29/11/2010 - [0] D -- C:\Program Files\Citrix =>.Citrix
O43 - CFD: 26/12/2016 - [] D -- C:\Program Files\CodeMeter =>.Legitimate
O43 - CFD: 22/02/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 26/12/2016 - [] D -- C:\Program Files\CyberLink =>.CyberLink Corporation
O43 - CFD: 02/01/2017 - [] D -- C:\Program Files\Dell =>.Dell
O43 - CFD: 03/02/2011 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 16/08/2012 - [] D -- C:\Program Files\Documents To Go Desktop
O43 - CFD: 06/10/2010 - [] D -- C:\Program Files\DVD Shrink =>.DVD Shrink
O43 - CFD: 12/02/2016 - [] D -- C:\Program Files\epson =>.Epson America, Inc.®
O43 - CFD: 12/02/2016 - [] D -- C:\Program Files\EPSON Software =>.Epson/Seico
O43 - CFD: 12/02/2016 - [] D -- C:\Program Files\EpsonNet =>.Epson/Seico
O43 - CFD: 02/01/2017 - [] D -- C:\Program Files\GetData =>.GetData Pty Ltd®
O43 - CFD: 20/06/2014 - [] D -- C:\Program Files\GUM9A6A.tmp =>.Google Inc®
O43 - CFD: 12/02/2016 - [0] D -- C:\Program Files\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 12/02/2016 - [] D -- C:\Program Files\HP =>.Hewlett-Packard
O43 - CFD: 02/01/2017 - [] HD -- C:\Program Files\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 09/08/2007 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 14/11/2016 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/02/2016 - [] D -- C:\Program Files\iPod =>.Apple Inc.®
O43 - CFD: 14/02/2016 - [] D -- C:\Program Files\iTunes =>.Apple Inc.
O43 - CFD: 22/02/2017 - [] D -- C:\Program Files\Java =>.Oracle
O43 - CFD: 22/01/2017 - [] D -- C:\Program Files\lg_fwupdate
O43 - CFD: 09/10/2007 - [] D -- C:\Program Files\MediaFACE II
O43 - CFD: 19/02/2017 - [] D -- C:\Program Files\Microsoft =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [] D -- C:\Program Files\Microsoft ActiveSync =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [] D -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [] D -- C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 28/06/2011 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 17/10/2016 - [] D -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 14/10/2009 - [] D -- C:\Program Files\Microsoft Works =>.Microsoft Corporation
O43 - CFD: 25/06/2010 - [] D -- C:\Program Files\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 11/08/2010 - [] D -- C:\Program Files\Movie Maker =>.Microsoft Corporation
O43 - CFD: 23/02/2017 - [] D -- C:\Program Files\Mozilla Firefox =>.Mozilla
O43 - CFD: 22/02/2017 - [] D -- C:\Program Files\Mozilla Maintenance Service =>.Mozilla
O43 - CFD: 02/11/2006 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 10/08/2010 - [] D -- C:\Program Files\MSECache =>.Microsoft Corporation
O43 - CFD: 09/08/2007 - [0] D -- C:\Program Files\MSXML 4.0 =>.Microsoft Corporation
O43 - CFD: 26/12/2016 - [] D -- C:\Program Files\Norton Save and Restore =>.Symantec Corporation
O43 - CFD: 27/03/2010 - [] D -- C:\Program Files\NOS =>.Adobe Systems Incorporated®
O43 - CFD: 12/04/2013 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 29/05/2011 - [] D -- C:\Program Files\PIXELA =>.PIXELA
O43 - CFD: 02/11/2006 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 01/02/2017 - [] D -- C:\Program Files\Roblox {694E215B8DF6F177F50012FEBD09BDA6} =>.ROBLOX
O43 - CFD: 06/09/2011 - [] D -- C:\Program Files\SystemRequirementsLab =>.System Requirements Lab
O43 - CFD: 02/11/2006 - [0] D -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 05/09/2008 - [] D -- C:\Program Files\USB Sharing
O43 - CFD: 28/12/2016 - [] D -- C:\Program Files\VDOTool
O43 - CFD: 17/09/2009 - [] D -- C:\Program Files\Windows Calendar =>.Microsoft Corporation
O43 - CFD: 10/02/2016 - [] D -- C:\Program Files\Windows Collaboration =>.Microsoft Corporation
O43 - CFD: 17/09/2009 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 20/09/2016 - [] D -- C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 09/03/2016 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 10/06/2015 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 17/09/2009 - [] D -- C:\Program Files\Windows Photo Gallery =>.Microsoft Corporation
O43 - CFD: 17/11/2009 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 02/03/2012 - [] D -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 15/09/2008 - [] D -- C:\Program Files\WinRAR =>.WinRAR
O43 - CFD: 22/02/2017 - [] D -- C:\Program Files\Zemana AntiMalware =>.Zemana
O43 - CFD: 24/02/2011 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 =>.AviSynth
O43 - CFD: 26/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015 =>.Bitdefender
O43 - CFD: 06/09/2008 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities =>.Canon Inc.
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Advisor =>.CyberLink Corporation
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Hi-Def Suite =>.CyberLink Corporation
O43 - CFD: 09/08/2007 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell =>.Dell
O43 - CFD: 21/11/2011 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe =>.Dell Inc.
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink =>.DVD Shrink
O43 - CFD: 13/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON =>.EPSON
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software =>.Epson/Seico
O43 - CFD: 20/06/2008 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades =>.Legitimate
O43 - CFD: 25/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fellowes NEATO MediaFACE II
O43 - CFD: 20/06/2008 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter =>.Mike Matsnev
O43 - CFD: 09/08/2007 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Matrix Storage Manager
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 22/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG ODD Auto Firmware Update
O43 - CFD: 02/11/2006 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 14/07/2010 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 02/01/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 08/12/2009 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works =>.Microsoft Corporation
O43 - CFD: 19/11/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 29/05/2011 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA =>.PIXELA
O43 - CFD: 02/01/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 09/10/2007 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 22/02/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 14/02/2016 - [] D -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 =>.GEAR Software, Inc.
O43 - CFD: 27/04/2015 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 15/06/2011 - [] D -- C:\ProgramData\aJ01842PhEhB01842
O43 - CFD: 14/02/2016 - [] D -- C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 15/03/2008 - [] D -- C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 11/08/2007 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 14/02/2016 - [] D -- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
O43 - CFD: 01/07/2015 - [] D -- C:\ProgramData\bdch =>.Softwin
O43 - CFD: 28/03/2015 - [] D -- C:\ProgramData\BDLogging =>.Bitdefender
O43 - CFD: 26/01/2017 - [] D -- C:\ProgramData\Bitdefender =>.Bitdefender
O43 - CFD: 09/04/2014 - [] D -- C:\ProgramData\CheckPoint =>.CheckPoint
O43 - CFD: 01/03/2012 - [] HD -- C:\ProgramData\Common Files =>.Microsoft Corporation
O43 - CFD: 16/05/2010 - [] D -- C:\ProgramData\CyberLink =>.CyberLink Corporation
O43 - CFD: 07/09/2010 - [] D -- C:\ProgramData\Dell =>.Dell
O43 - CFD: 11/08/2007 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 01/01/2017 - [0] D -- C:\ProgramData\Dumps
O43 - CFD: 06/10/2010 - [] D -- C:\ProgramData\DVD Shrink =>.DVD Shrink
O43 - CFD: 13/02/2016 - [] D -- C:\ProgramData\EPSON =>.EPSON
O43 - CFD: 11/08/2007 - [0] SHD -- C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [] D -- C:\ProgramData\Google =>.Google
O43 - CFD: 12/02/2016 - [] D -- C:\ProgramData\HP =>.Hewlett-Packard
O43 - CFD: 09/08/2007 - [] D -- C:\ProgramData\InstallShield =>.InstallShield
O43 - CFD: 15/09/2008 - [] D -- C:\ProgramData\iolo =>.Iolo Technologies
O43 - CFD: 13/03/2010 - [] D -- C:\ProgramData\Kaspersky SDK =>.Kaspersky Labs
O43 - CFD: 03/02/2011 - [] D -- C:\ProgramData\Leapfrog =>.LeapFrog
O43 - CFD: 12/08/2007 - [] D -- C:\ProgramData\MailFrontier
O43 - CFD: 22/02/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 22/02/2017 - [0] D -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) =>.Malwarebytes
O43 - CFD: 18/03/2011 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 17/07/2015 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 28/06/2014 - [] D -- C:\ProgramData\Mozilla =>.Mozilla Corporation
O43 - CFD: 03/05/2009 - [] D -- C:\ProgramData\MSScanAppDataDir
O43 - CFD: 02/10/2010 - [] D -- C:\ProgramData\Nero =>.Ahead Corporation
O43 - CFD: 24/02/2008 - [] D -- C:\ProgramData\NETGEAR XE102 Powerline Encryption Utility =>.Netgear Inc
O43 - CFD: 26/12/2016 - [] D -- C:\ProgramData\Norton =>.Symantec Corporation
O43 - CFD: 27/03/2010 - [] D -- C:\ProgramData\NOS
O43 - CFD: 23/02/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 06/09/2011 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 03/10/2009 - [] D -- C:\ProgramData\Office Genuine Advantage =>.Microsoft Corporation
O43 - CFD: 21/01/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 11/03/2010 - [] D -- C:\ProgramData\PIXELA =>.PIXELA
O43 - CFD: 01/02/2017 - [] D -- C:\ProgramData\Roblox =>.ROBLOX
O43 - CFD: 16/05/2010 - [] D -- C:\ProgramData\Roxio =>.Roxio
O43 - CFD: 22/02/2017 - [] D -- C:\ProgramData\Sling
O43 - CFD: 03/10/2010 - [] D -- C:\ProgramData\SlySoft =>.SlySoft
O43 - CFD: 09/08/2007 - [] D -- C:\ProgramData\Sonic =>.Sonic
O43 - CFD: 03/05/2009 - [] D -- C:\ProgramData\SSScanAppDataDir =>.Nuance Communications
O43 - CFD: 11/08/2007 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 03/10/2010 - [] D -- C:\ProgramData\Sun =>.Oracle
O43 - CFD: 26/12/2016 - [0] AD -- C:\ProgramData\TEMP =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 03/10/2010 - [] D -- C:\ProgramData\vsosdk =>.VSO Software
O43 - CFD: 04/03/2010 - [] D -- C:\ProgramData\WEBREG =>.Hewlett-Packard
O43 - CFD: 19/09/2008 - [] D -- C:\ProgramData\WindowsSearch =>.Microsoft Corporation
O43 - CFD: 29/04/2008 - [] D -- C:\ProgramData\WLInstaller =>.Microsoft Corporation
O43 - CFD: 16/05/2010 - [] D -- C:\ProgramData\Yahoo! =>.Yahoo!
O43 - CFD: 06/09/2008 - [0] D -- C:\ProgramData\ZoomBrowser =>.Canon Inc.
O43 - CFD: 13/03/2009 - [] D -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
O43 - CFD: 01/04/2010 - [] D -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} =>.Apple Inc.
O43 - CFD: 12/09/2009 - [] D -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
O43 - CFD: 08/04/2009 - [] D -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
O43 - CFD: 16/10/2015 - [] D -- C:\Program Files\Common Files\Adobe =>.Adobe
O43 - CFD: 20/07/2015 - [] D -- C:\Program Files\Common Files\Adobe AIR =>.Adobe Inc.
O43 - CFD: 14/02/2016 - [] D -- C:\Program Files\Common Files\Apple =>.Apple Inc.
O43 - CFD: 26/01/2017 - [] D -- C:\Program Files\Common Files\Bitdefender =>.Bitdefender
O43 - CFD: 06/09/2008 - [] D -- C:\Program Files\Common Files\Canon =>.Canon
O43 - CFD: 21/12/2008 - [] D -- C:\Program Files\Common Files\DataViz
O43 - CFD: 11/08/2007 - [] D -- C:\Program Files\Common Files\DESIGNER =>.Designer
O43 - CFD: 12/02/2016 - [] D -- C:\Program Files\Common Files\EPSON =>.EPSON
O43 - CFD: 04/03/2010 - [] D -- C:\Program Files\Common Files\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 16/02/2008 - [] D -- C:\Program Files\Common Files\InstallShield =>.InstallShield
O43 - CFD: 21/01/2017 - [] D -- C:\Program Files\Common Files\Java =>.Oracle
O43 - CFD: 16/07/2015 - [] D -- C:\Program Files\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 16/05/2010 - [] D -- C:\Program Files\Common Files\Roxio Shared =>.Roxio
O43 - CFD: 02/11/2006 - [] D -- C:\Program Files\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [] D -- C:\Program Files\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 22/02/2017 - [] D -- C:\Program Files\Common Files\Symantec Shared =>.Symantec Corporation
O43 - CFD: 09/03/2016 - [] D -- C:\Program Files\Common Files\System =>.Microsoft Corporation
O43 - CFD: 11/10/2014 - [] D -- C:\Program Files\Common Files\Wondershare =>.Wondershare
O43 - CFD: 28/03/2015 - [] D -- C:\Users\Glen\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 24/08/2007 - [0] D -- C:\Users\Glen\AppData\Roaming\AdobeUM =>.Adobe Inc.
O43 - CFD: 19/10/2011 - [] D -- C:\Users\Glen\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 03/10/2010 - [] D -- C:\Users\Glen\AppData\Roaming\Arcsoft =>.ArcSoft
O43 - CFD: 26/01/2017 - [] D -- C:\Users\Glen\AppData\Roaming\Bitdefender =>.Bitdefender
O43 - CFD: 09/04/2014 - [] D -- C:\Users\Glen\AppData\Roaming\CheckPoint =>.CheckPoint
O43 - CFD: 20/07/2015 - [] D -- C:\Users\Glen\AppData\Roaming\com.radioio.ioDesktop
O43 - CFD: 01/02/2011 - [] D -- C:\Users\Glen\AppData\Roaming\com.radioio.ioDesktop.CB8A51FDBDF8B5F2BC25A3DD7F59CC4ED6D8CF65.1
O43 - CFD: 20/01/2009 - [] D -- C:\Users\Glen\AppData\Roaming\CyberLink =>.CyberLink Corporation
O43 - CFD: 15/06/2014 - [] D -- C:\Users\Glen\AppData\Roaming\DocumentsToGoDesktop
O43 - CFD: 13/02/2016 - [] D -- C:\Users\Glen\AppData\Roaming\Epson =>.EPSON
O43 - CFD: 05/11/2011 - [] D -- C:\Users\Glen\AppData\Roaming\Garmin =>.Garmin Ltd
O43 - CFD: 22/02/2017 - [] D -- C:\Users\Glen\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 11/08/2007 - [0] D -- C:\Users\Glen\AppData\Roaming\Google =>.Google
O43 - CFD: 21/12/2008 - [] D -- C:\Users\Glen\AppData\Roaming\HotSync
O43 - CFD: 16/07/2015 - [] D -- C:\Users\Glen\AppData\Roaming\HP =>.Hewlett-Packard
O43 - CFD: 30/08/2015 - [] D -- C:\Users\Glen\AppData\Roaming\HpUpdate =>.Hewlett-Packard
O43 - CFD: 11/10/2014 - [] D -- C:\Users\Glen\AppData\Roaming\HYXDevPsnList
O43 - CFD: 11/08/2007 - [] D -- C:\Users\Glen\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 12/02/2016 - [] D -- C:\Users\Glen\AppData\Roaming\InstallShield =>.InstallShield
O43 - CFD: 15/09/2008 - [] D -- C:\Users\Glen\AppData\Roaming\iolo =>.Iolo Technologies
O43 - CFD: 18/07/2008 - [] D -- C:\Users\Glen\AppData\Roaming\Leadertech =>.Leadertech Systems
O43 - CFD: 11/08/2007 - [] D -- C:\Users\Glen\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 27/06/2011 - [] D -- C:\Users\Glen\AppData\Roaming\MailFrontier
O43 - CFD: 02/11/2006 - [0] D -- C:\Users\Glen\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 31/12/2014 - [] SD -- C:\Users\Glen\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 28/06/2014 - [] D -- C:\Users\Glen\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 22/06/2011 - [] D -- C:\Users\Glen\AppData\Roaming\Nero =>.Ahead Corporation
O43 - CFD: 22/02/2017 - [] D -- C:\Users\Glen\AppData\Roaming\NVIDIA =>.nVidia Corporation
O43 - CFD: 28/03/2015 - [0] D -- C:\Users\Glen\AppData\Roaming\QuickScan =>.Bitdefender
O43 - CFD: 13/08/2007 - [] D -- C:\Users\Glen\AppData\Roaming\Roxio =>.Roxio
O43 - CFD: 22/02/2017 - [0] D -- C:\Users\Glen\AppData\Roaming\SecureMedia
O43 - CFD: 26/12/2016 - [] D -- C:\Users\Glen\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 06/02/2008 - [] D -- C:\Users\Glen\AppData\Roaming\Template =>.Microsoft Corporation
O43 - CFD: 20/10/2010 - [0] D -- C:\Users\Glen\AppData\Roaming\Vso =>.VSO Software
O43 - CFD: 09/10/2007 - [0] D -- C:\Users\Glen\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 22/02/2017 - [0] D -- C:\Users\Glen\AppData\Roaming\Yahoo! =>.Yahoo!
O43 - CFD: 23/02/2017 - [] D -- C:\Users\Glen\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 22/09/2008 - [0] D -- C:\Users\Glen\AppData\Roaming\ZoomBrowser EX =>.Canon Inc.
O43 - CFD: 09/01/2017 - [] D -- C:\Users\Glen\AppData\Local\0303933
O43 - CFD: 22/02/2017 - [] D -- C:\Users\Glen\AppData\Local\1e17e
O43 - CFD: 20/07/2015 - [] D -- C:\Users\Glen\AppData\Local\Adobe =>.Adobe
O43 - CFD: 24/01/2017 - [] D -- C:\Users\Glen\AppData\Local\Akamai =>.Superfluous.AkamaiHD
O43 - CFD: 31/08/2007 - [] D -- C:\Users\Glen\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 21/03/2010 - [] D -- C:\Users\Glen\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Glen\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 21/01/2017 - [] D -- C:\Users\Glen\AppData\Local\CEF =>.CEF
O43 - CFD: 21/02/2017 - [] D -- C:\Users\Glen\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 13/10/2016 - [] D -- C:\Users\Glen\AppData\Local\Google =>.Google
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Glen\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 04/03/2010 - [] D -- C:\Users\Glen\AppData\Local\HP =>.Hewlett-Packard
O43 - CFD: 28/06/2014 - [] D -- C:\Users\Glen\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 02/01/2017 - [] D -- C:\Users\Glen\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/12/2016 - [] D -- C:\Users\Glen\AppData\Local\Microsoft Corporation =>.Microsoft Corporation
O43 - CFD: 03/09/2007 - [] D -- C:\Users\Glen\AppData\Local\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 09/10/2007 - [] D -- C:\Users\Glen\AppData\Local\MicroVision Applications =>.MicroVision
O43 - CFD: 11/08/2007 - [] D -- C:\Users\Glen\AppData\Local\MigWiz =>.MigWiz
O43 - CFD: 28/06/2014 - [] D -- C:\Users\Glen\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 21/06/2011 - [] D -- C:\Users\Glen\AppData\Local\Nero =>.Ahead Corporation
O43 - CFD: 21/06/2011 - [] D -- C:\Users\Glen\AppData\Local\Nero_AG =>.Ahead
O43 - CFD: 26/12/2016 - [] D -- C:\Users\Glen\AppData\Local\NPE =>.NPE
O43 - CFD: 02/02/2017 - [] D -- C:\Users\Glen\AppData\Local\Roblox =>.ROBLOX
O43 - CFD: 20/01/2009 - [] D -- C:\Users\Glen\AppData\Local\Roxio =>.Roxio
O43 - CFD: 22/02/2017 - [] D -- C:\Users\Glen\AppData\Local\Sling_cache
O43 - CFD: 22/09/2010 - [] D -- C:\Users\Glen\AppData\Local\Sunbelt Software =>.Sunbelt Software
O43 - CFD: 21/11/2011 - [0] D -- C:\Users\Glen\AppData\Local\SupportSoft =>.SupportSoft
O43 - CFD: 11/08/2007 - [] D -- C:\Users\Glen\AppData\Local\Symantec_Corporation =>.Symantec
O43 - CFD: 23/02/2017 - [] D -- C:\Users\Glen\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Glen\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 12/08/2007 - [] D -- C:\Users\Glen\AppData\Local\The Weather Channel
O43 - CFD: 04/04/2010 - [] D -- C:\Users\Glen\AppData\Local\Threat Expert =>.Threat Expert
O43 - CFD: 18/07/2008 - [] D -- C:\Users\Glen\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [] D -- C:\Users\Glen\AppData\Local\WindowsUpdate =>.Microsoft Corporation
O43 - CFD: 11/10/2014 - [] D -- C:\Users\Glen\AppData\Local\Wondershare =>.Wondershare
O43 - CFD: 22/02/2017 - [] D -- C:\Users\Glen\AppData\Local\Zemana =>.Zemana
O43 - CFD: 02/11/2006 - [] RD -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [] RD -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 03/10/2010 - [0] D -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 =>.AviSynth
O43 - CFD: 02/11/2006 - [] RD -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 26/12/2016 - [] D -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v5 =>.GetData
O43 - CFD: 22/02/2017 - [] D -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling
O43 - CFD: 12/10/2008 - [] RD -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 09/10/2007 - [] D -- C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 11/08/2007 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 18/07/2008 - [0] SHD -- C:\Windows\System32\Config\systemprofile\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 27/01/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
O43 - CFD: 27/01/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog =>.AVG Software
O43 - CFD: 01/07/2015 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\bdch =>.Softwin
O43 - CFD: 20/01/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 25/04/2011 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Google =>.Google
O43 - CFD: 18/07/2008 - [0] SHD -- C:\Windows\System32\Config\systemprofile\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 16/05/2010 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\ICS =>.ICS
O43 - CFD: 16/07/2015 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 15/05/2010 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Sunbelt Software =>.Sunbelt Software
O43 - CFD: 27/12/2009 - [0] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/07/2008 - [0] SHD -- C:\Windows\System32\Config\systemprofile\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 22/02/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 05/07/2010 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 27/01/2017 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Bitdefender =>.Bitdefender
O43 - CFD: 15/09/2008 - [0] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\iolo =>.Iolo Technologies
O43 - CFD: 13/08/2012 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee =>.McAfee
O43 - CFD: 16/07/2015 - [] SD -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 28/03/2015 - [0] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\QuickScan =>.Bitdefender
O43 - CFD: 09/10/2007 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\Roxio =>.Roxio
O43 - CFD: 18/07/2008 - [] RD -- C:\Windows\System32\Config\systemprofile\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 18/07/2008 - [] RD -- C:\Windows\System32\Config\systemprofile\Start Menu\Programs\Startup =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (1) - 0s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation

---\\ System Drivers List (93) - 87s
O58 - SDL:2006/11/02 04:51:38 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [420968] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:51:32 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [297576] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:35 A . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\System32\drivers\adpu160m.sys [98408] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:51:00 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [147048] =>.Microsoft Windows®
O58 - SDL:2007/08/09 23:49:14 N . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [17592] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:09 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [67688] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:10 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [67688] =>.Microsoft Windows®
O58 - SDL:2006/11/02 02:36:43 A . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [2028032] =>.ATI Technologies Inc.
O58 - SDL:2017/01/26 09:47:55 A . (.BitDefender - Active Virus Control filter driver.) -- C:\Windows\System32\drivers\avc3.sys [1258376] =>.Bitdefender SRL®
O58 - SDL:2015/05/29 09:50:59 A . (.BitDefender - BitDefender AntiVirus Active Virus Control.) -- C:\Windows\System32\drivers\avchv.sys [252184] =>.Bitdefender SRL®
O58 - SDL:2017/01/26 09:47:54 A . (.BitDefender - Active Virus Control Kernel Filtering drive.) -- C:\Windows\System32\drivers\avckf.sys [696632] =>.Bitdefender SRL®
O58 - SDL:2014/12/15 17:56:44 A . (.BitDefender LLC - BitDefender Firewall NDIS6 Filter Driver.) -- C:\Windows\System32\drivers\BdfNdisf6.sys [77632] =>.Bitdefender SRL®
O58 - SDL:2015/01/09 11:58:54 A . (.BitDefender SRL - BitDefender SandBox Filter Driver.) -- C:\Windows\System32\drivers\bdsandbox.sys [66832] =>.Bitdefender SRL®
O58 - SDL:2012/04/17 14:40:22 A . (.BitDefender - FileVault Disk Driver.) -- C:\Windows\System32\drivers\bdvedisk.sys [72704] =>.BitDefender SRL®
O58 - SDL:2006/11/02 03:24:45 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [13568] =>.Brother Industries, Ltd.
O58 - SDL:2006/11/02 03:24:46 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [5248] =>.Brother Industries, Ltd.
O58 - SDL:2006/11/02 03:25:24 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [71808] =>.Brother Industries Ltd.
O58 - SDL:2006/11/02 03:24:44 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [62336] =>.Brother Industries Ltd.
O58 - SDL:2006/11/02 03:24:44 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [12160] =>.Brother Industries Ltd.
O58 - SDL:2006/11/02 03:24:47 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [11904] =>.Brother Industries Ltd.
O58 - SDL:2007/06/04 17:25:14 N . (.Cyberlink Co.,Ltd. - Cyberlink Storage Helper Driver (WindowsNT5.) -- C:\Windows\System32\drivers\CLBStor.sys [16048] =>.CyberLink®
O58 - SDL:2007/06/04 17:25:12 N . (.CyberLink Corporation. - UDF File System Driver.) -- C:\Windows\System32\drivers\CLBUDF.sys [162096] =>.CyberLink®
O58 - SDL:2007/08/09 23:49:14 N . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [19128] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:11 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\drivers\djsvs.sys [71272] =>.Microsoft Windows®
O58 - SDL:2007/04/29 03:42:24 A . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserializ.) -- C:\Windows\System32\drivers\e1e6032.sys [228224] =>.Intel Corporation®
O58 - SDL:2006/11/02 02:30:54 A . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserializ.) -- C:\Windows\System32\drivers\E1G60I32.sys [117760] =>.Intel Corporation
O58 - SDL:2007/09/20 13:12:34 A . (.EldoS Corporation - RawDisk Driver. Allows write-access to raw.) -- C:\Windows\System32\drivers\elrawdsk.sys [12800] =>.EldoS Corporation
O58 - SDL:2006/11/02 04:51:34 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [316520] =>.Microsoft Windows®
O58 - SDL:2008/04/01 13:33:16 A . (.LeapFrog - FLY Fusion USB Driver.) -- C:\Windows\System32\drivers\FlyUsb.sys [19456] =>.LeapFrog
O58 - SDL:2012/08/21 12:01:22 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [26840] =>.GEAR Software Inc.®
O58 - SDL:2009/04/17 14:48:14 A . (.GARMIN Corp. - Generic WDM Support Driver.) -- C:\Windows\System32\drivers\grmngen.sys [18304] =>.GARMIN Corp.
O58 - SDL:2009/04/17 14:48:14 A . (.GARMIN Corp. - grmnusb.sys.) -- C:\Windows\System32\drivers\grmnusb.sys [9344] =>.GARMIN Corp.
O58 - SDL:2015/04/29 13:31:46 A . (.BitDefender LLC - BitDefender Gonzales FileSystem Driver.) -- C:\Windows\System32\drivers\gzflt.sys [173832] =>.Bitdefender SRL®
O58 - SDL:2006/11/02 04:50:10 A . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\System32\drivers\HpCISSs.sys [37480] =>.Microsoft Windows®
O58 - SDL:2007/04/26 05:41:38 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStor.sys [304920] =>.Intel Corporation®
O58 - SDL:2006/11/02 04:51:25 A . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\System32\drivers\iaStorV.sys [232040] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:17 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [41576] =>.Microsoft Windows®
O58 - SDL:2007/03/09 16:04:42 A . (.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) -- C:\Windows\System32\drivers\iqvw32.sys [31072] =>.Intel Corporation®
O58 - SDL:2006/11/02 04:50:07 A . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\drivers\iteatapi.sys [35944] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:09 A . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\drivers\iteraid.sys [35944] =>.Microsoft Windows®
O58 - SDL:2013/10/08 05:47:52 A . (.Kaspersky Lab ZAO - Filter Core [fre_wlh_x86_sdk].) -- C:\Windows\System32\drivers\klflt.sys [74848] =>.Kaspersky Lab®
O58 - SDL:2006/11/02 04:50:04 A . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [65640] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:05 A . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [65640] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:10 A . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [65640] =>.Microsoft Windows®
O58 - SDL:2017/02/22 21:26:50 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [94936] =>.Malwarebytes Corporation®
O58 - SDL:2017/02/22 21:27:35 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200] =>.Malwarebytes Corporation®
O58 - SDL:2006/11/02 04:49:53 A . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [28776] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:49:59 A . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\Mraid35x.sys [33384] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:19 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [45160] =>.Microsoft Windows®
O58 - SDL:2006/11/02 02:36:50 A . (.N-trig Innovative Technologies - N-trig tablet digitizer in-box driver.) -- C:\Windows\System32\drivers\ntrigdigi.sys [20608] =>.N-trig Innovative Technologies
O58 - SDL:2013/02/25 23:22:06 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvlddmkm.sys [8939296] =>.NVIDIA Corporation®
O58 - SDL:2006/11/02 04:50:24 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [88680] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:13 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [40040] =>.Microsoft Windows®
O58 - SDL:2007/12/04 16:10:30 A . (.PalmSource, Inc. - USB Driver for Palm OS Handheld Devices.) -- C:\Windows\System32\drivers\PalmUSBD.sys [16640] =>.PalmSource, Inc.
O58 - SDL:2010/10/03 00:30:53 A . (.VSO Software - low level access layer for CD/DVD/BD device.) -- C:\Windows\System32\drivers\pcouffin.sys [47360] =>.VSO Software
O58 - SDL:2007/03/07 18:51:00 N . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\Windows\System32\drivers\pxhelp20.sys [43528] =>.Sonic Solutions®
O58 - SDL:2006/11/02 04:51:45 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [900712] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:35 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [106088] =>.Microsoft Windows®
O58 - SDL:2008/01/24 10:06:40 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHDA.sys [2054872] =>.Realtek Semiconductor Corp®
O58 - SDL:2011/06/30 10:59:47 A . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\Windows\System32\drivers\SBREDrv.sys [101720] =>.Sunbelt Software, Inc.®
O58 - SDL:2006/11/02 01:37:21 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2006/11/02 04:50:10 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [38504] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:16 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [71784] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:05 A . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\System32\drivers\symc8xx.sys [35944] =>.Microsoft Windows®
O58 - SDL:2007/02/13 17:33:06 A . (.StorageCraft - StorageCraft Volume Snap-Shot.) -- C:\Windows\System32\drivers\symsnap.sys [131944] =>.Symantec Corporation®
O58 - SDL:2006/11/02 04:49:56 A . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\System32\drivers\sym_hi.sys [31848] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:03 A . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\System32\drivers\sym_u3.sys [34920] =>.Microsoft Windows®
O58 - SDL:2017/02/18 21:20:24 A . (.BitDefender S.R.L. - Trufos Kernel Module.) -- C:\Windows\System32\drivers\trufos.sys [422664] =>.Bitdefender SRL®
O58 - SDL:2006/11/02 04:51:25 A . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\drivers\uliahci.sys [235112] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:35 A . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win200.) -- C:\Windows\System32\drivers\ulsata.sys [98408] =>.Microsoft Windows®
O58 - SDL:2006/11/02 04:50:45 A . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\drivers\ulsata2.sys [115816] =>.Microsoft Windows®
O58 - SDL:2015/06/17 17:04:22 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl.sys [45056] =>.Apple, Inc.
O58 - SDL:2007/02/13 17:33:04 A . (.Symantec Corporation - V2iMount.sys - Image Mounting Device Driver.) -- C:\Windows\System32\drivers\v2imount.sys [37864] =>.Symantec Corporation®
O58 - SDL:2007/08/09 23:49:14 N . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [20152] =>.Microsoft Windows®
O58 - SDL:2007/06/27 17:31:26 A . (.Symantec Corporation - VProEventMonitor.Sys - Event Monitoring dri.) -- C:\Windows\System32\drivers\vproeventmonitor.sys [14072] =>.Symantec Corporation®
O58 - SDL:2006/11/02 04:50:41 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\drivers\vsmraid.sys [112232] =>.Microsoft Windows®
O58 - SDL:2017/02/22 19:19:38 A . (.Zemana Ltd. - ZAM.) -- C:\Windows\System32\drivers\zam32.sys [181496] =>.Zemana Ltd.®
O58 - SDL:2017/02/22 19:19:37 A . (.Zemana Ltd. - ZAM.) -- C:\Windows\System32\drivers\zamguard32.sys [181496] =>.Zemana Ltd.®
O58 - SDL:2006/11/02 02:09:42 A . (...) -- C:\Windows\System32\ANSI.SYS [9029] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:45 A . (...) -- C:\Windows\System32\country.sys [27097] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:41 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:44 A . (...) -- C:\Windows\System32\KEY01.SYS [42809] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:44 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:29 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:35 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:38 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:40 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:31 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:20 A . (...) -- C:\Windows\System32\NTIO.SYS [33952] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:23 A . (...) -- C:\Windows\System32\NTIO404.SYS [34672] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:24 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:26 A . (...) -- C:\Windows\System32\NTIO412.SYS [35536] =>.Microsoft Corporation
O58 - SDL:2006/11/02 02:09:22 A . (...) -- C:\Windows\System32\NTIO804.SYS [34672] =>.Microsoft Corporation

---\\ Last modified or created user files (2) - 37s
O61 - LFC: 2017/02/19 21:44:27 RA . (..) -- C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{E0EB8881-0CFE-4375-8782-8807D258CD7C}\_18be6784.exe [25214]
O61 - LFC: 2017/02/19 21:44:27 RA . (..) -- C:\Users\Glen\AppData\Roaming\Microsoft\Installer\{E0EB8881-0CFE-4375-8782-8807D258CD7C}\_294823.exe [25214]

---\\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (8) - 1s
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (4) - 20s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (31) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [62976] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [247808] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [40448] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [40448] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [125952] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [582144] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [444928] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\audiosrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [262144] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [68608] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [47104] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [288256] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Terminal Server Remote Connections Manager.) -- C:\Windows\System32\termsrv.dll [449536] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [758784] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [247808] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [200704] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [19968] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [33280] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [111616] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [45056] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [153600] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [57344] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [162304] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [602112] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Terminal Services Configuration service.) -- C:\Windows\System32\SessEnv.dll [84992] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [81920] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [68096] =>.Microsoft Corporation

---\\ Additional Scan (O88) (2) - 0s
C:\Users\Glen\AppData\Local\Akamai =>.Superfluous.AkamaiHD
C:\Users\Glen\AppData\Roaming\inst.exe =>Heuristic.Suspect

---\\ Summary of the elements found (6) - 0s
https://www.nicolascoolman.com/fr/adware-mywebsearch/ =>PUP.Optional.MyWebSearch
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AkamaiHD
https://www.anti-malware.top/2016/04/22/adware-installcore/ =>Adware.InstallCore
https://www.nicolascoolman.com/fr/superfluous-virtualgirl =>.Superfluous.VirtualGirl
https://www.nicolascoolman.com/fr/pup-quickshare/ =>PUP.Optional.QuickShare
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect

~ Unselected Options: O82,
~ End of the scan, 25670 items in 11mn14s (1115)(0)

 

[Malnutrition]

Ok, here is the report.

Ok, while I look over this log; is the malware being detected in the FRST quarantine?
Are you having any other issues?

System drive C: has 10 GB () free of 171 GB : ATTENTION =>Warning Disk Space

I'd suggest that you clean the machine with Privazer, then defrag with SmartDefrag.

 

[clarkgriswold]

Nothing came up on the last Bitdefender scan. I am running one final scan because sometimes Bitdefender detects it and sometimes it doesn't.
Then I will run the Privazer and defrag.

What software would you recommend for a full security suite? I have lost some confidence in Bitdefener, although it's probably not it's fault that I contracted the trojan.
Or, would you recommend separate applications for virus and firewall control? I am trying to make sure this machine is clean before I transfer files to a new PC. I then want to have the best

One last question... is there any program that can run in the back round in addition to the above; that could prevent future malware and trojans like this in real time?

I will be transferring files from this machine (when deemed clean) to a brand new PC. I want to make sure that I have the best applications available going forward.

 

[Malnutrition]

Lets run one last FRST fix, I found some additional malware on your machine... As well as some trash.
Also, it seems system restore is disabled on your machine. ======> Click Here For Instructions to enable.
I will answer your questions after this fix...

FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


HijackThis.



1- Please click HERE to download HijackThis.
2- Unzip to your desktop -- Right Click Run as Admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy & Paste Log in your next reply.

 

[clarkgriswold]

I tried to run Privazer but it would not execute. "PrivaZer setup has stopped working"
I skipped the defrag for the time being (figuring this would take a while)
Below I have attached the logs from FRST and Hijack This.

Bitdefender seems to be showing clean for now.

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017

Ran by Glen (23-02-2017 10:20:02) Run:2
Running from C:\Users\Glen\Desktop
Loaded Profiles: Glen (Available Profiles: Glen & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
emptytemp:
CloseProcesses:
CreateRestorePoint:
DeleteKey: HKLM\SOFTWARE\AVG
DeleteKey: HKLM\SOFTWARE\AVG Web TuneUp
DeleteKey: HKLM\SOFTWARE\iolo
DeleteKey: HKLM\SOFTWARE\KasperskyLab
DeleteKey: HKLM\SOFTWARE\Lavasoft
DeleteKey: HKLM\SOFTWARE\Large Software
DeleteKey: HKLM\SOFTWARE\McAfee.com
DeleteKey: HKLM\SOFTWARE\mcafeeupdater
DeleteKey: HKLM\SOFTWARE\MyFunCards_5mEI
DeleteKey: HKLM\SOFTWARE\WholeSecurity
DeleteKey: HKLM\SOFTWARE\Symante
DeleteKey: HKLM\SOFTWARE\SymDebug
DeleteKey: HKLM\SOFTWARE\Yahoo
DeleteKey: HKCU\SOFTWARE\AVG
DeleteKey: HKCU\SOFTWARE\AVG Web TuneUp
DeleteKey: HKCU\SOFTWARE\IM
DeleteKey: HKCU\SOFTWARE\iolo
DeleteKey: HKCU\SOFTWARE\Lavasoft
DeleteKey: HKCU\SOFTWARE\Large Software
DeleteKey: HKCU\SOFTWARE\McAfee
DeleteKey: HKCU\SOFTWARE\Symantec
DeleteKey: HKCU\SOFTWARE\Totem
DeleteKey: HKCU\SOFTWARE\AppDataLow\Software\Yahoo
C:\Program Files\GUM9A6A.tmp
C:\Program Files\Norton Save and Restore
C:\ProgramData\aJ01842PhEhB01842
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
C:\ProgramData\McAfee
C:\ProgramData\Norton
C:\ProgramData\Yahoo!
C:\Program Files\Common Files\Symantec Shared
C:\Users\Glen\AppData\Roaming\HpUpdate
C:\Users\Glen\AppData\Roaming\iolo
C:\Users\Glen\AppData\Roaming\Yahoo!
C:\Users\Glen\AppData\Local\0303933
C:\Users\Glen\AppData\Local\1e17e
C:\Users\Glen\AppData\Roaming\inst.exe
C:\Users\Glen\AppData\Local\Sunbelt Software
C:\Users\Glen\AppData\Local\Symantec_Corporation
C:\Users\Glen\AppData\Local\The Weather Channel
C:\Users\Glen\AppData\Local\Threat Expert
C:\Windows\System32\Config\systemprofile\AppData\Local\Avg
C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog
C:\Windows\System32\Config\systemprofile\AppData\Local\Sunbelt Software
C:\Windows\System32\Config\systemprofile\AppData\Roaming\iolo
C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee
C:\Windows\System32\drivers\klflt.sys
C:\Windows\System32\drivers\SBREDrv.sys
C:\Windows\System32\drivers\v2imount.sys
C:\Windows\System32\drivers\vproeventmonitor.sys
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
C:\windows\system32\Drivers\etc\hosts
Hosts:
DeleteQuarantine:
reboot:
end


*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\AVG => key removed successfully.
HKLM\SOFTWARE\AVG Web TuneUp => key removed successfully.
HKLM\SOFTWARE\iolo => key removed successfully.
HKLM\SOFTWARE\KasperskyLab => key removed successfully.
HKLM\SOFTWARE\Lavasoft => key removed successfully.
HKLM\SOFTWARE\Large Software => key removed successfully.
HKLM\SOFTWARE\McAfee.com => key removed successfully.
HKLM\SOFTWARE\mcafeeupdater => key removed successfully.
HKLM\SOFTWARE\MyFunCards_5mEI => key removed successfully.
HKLM\SOFTWARE\WholeSecurity => key removed successfully.
HKLM\SOFTWARE\Symante => key not found.
HKLM\SOFTWARE\SymDebug => key removed successfully.
HKLM\SOFTWARE\Yahoo => key removed successfully.
HKCU\SOFTWARE\AVG => key removed successfully.
HKCU\SOFTWARE\AVG Web TuneUp => key removed successfully.
HKCU\SOFTWARE\IM => key removed successfully.
HKCU\SOFTWARE\iolo => key removed successfully.
HKCU\SOFTWARE\Lavasoft => key removed successfully.
HKCU\SOFTWARE\Large Software => key removed successfully.
HKCU\SOFTWARE\McAfee => key removed successfully.
HKCU\SOFTWARE\Symantec => key removed successfully.
HKCU\SOFTWARE\Totem => key removed successfully.
HKCU\SOFTWARE\AppDataLow\Software\Yahoo => key removed successfully.
C:\Program Files\GUM9A6A.tmp => moved successfully
C:\Program Files\Norton Save and Restore => moved successfully
C:\ProgramData\aJ01842PhEhB01842 => moved successfully
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\Norton => moved successfully
C:\ProgramData\Yahoo! => moved successfully
C:\Program Files\Common Files\Symantec Shared => moved successfully
C:\Users\Glen\AppData\Roaming\HpUpdate => moved successfully
C:\Users\Glen\AppData\Roaming\iolo => moved successfully
C:\Users\Glen\AppData\Roaming\Yahoo! => moved successfully
C:\Users\Glen\AppData\Local\0303933 => moved successfully
C:\Users\Glen\AppData\Local\1e17e => moved successfully
C:\Users\Glen\AppData\Roaming\inst.exe => moved successfully
C:\Users\Glen\AppData\Local\Sunbelt Software => moved successfully
C:\Users\Glen\AppData\Local\Symantec_Corporation => moved successfully
C:\Users\Glen\AppData\Local\The Weather Channel => moved successfully
C:\Users\Glen\AppData\Local\Threat Expert => moved successfully
C:\Windows\System32\Config\systemprofile\AppData\Local\Avg => moved successfully
C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog => moved successfully
C:\Windows\System32\Config\systemprofile\AppData\Local\Sunbelt Software => moved successfully
C:\Windows\System32\Config\systemprofile\AppData\Roaming\iolo => moved successfully
C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee => moved successfully
C:\Windows\System32\drivers\klflt.sys => moved successfully
C:\Windows\System32\drivers\SBREDrv.sys => moved successfully
C:\Windows\System32\drivers\v2imount.sys => moved successfully
C:\Windows\System32\drivers\vproeventmonitor.sys => moved successfully

========= RemoveProxy: =========

HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-3490785829-169181324-3712256341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\FRST\Quarantine" => removed successfully..

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4788593 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2926592 B
Edge => 0 B
Chrome => 0 B
Firefox => 12719316 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
Glen => 638737 B
UpdatusUser => 0 B
UpdatusUser => 0 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 20.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:28:41 ====

Logfile of Trend Micro HiJackThis 2.0.6 - Private Fork by Alex Dragokas ver. Alpha 4.3

Platform: x32 Windows Vista (Home Premium), 6.0.6002, Service Pack: 2
Time: 23.02.2017 - 10:33
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Glen (group: Administrator) on DESKTOP

Chrome: 35.0.1916.153
Firefox: 51.0.1.6234
Internet Explorer: 9.0.8112.16834

Boot mode: Normal

Running processes:
Number | Path

1 C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
1 C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
1 C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
1 C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
1 C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
1 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
1 C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
1 C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
1 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
1 C:\Program Files\USB Sharing\usbshare.exe
2 C:\Program Files\Zemana AntiMalware\ZAM.exe
1 C:\Users\Glen\Desktop\HiJackThis.exe
1 C:\Windows\RtHDVCpl.exe
1 C:\Windows\System32\AERTSrv.exe
1 C:\Windows\System32\SLsvc.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
2 C:\Windows\System32\nvvsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
15 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\ehome\ehmsas.exe
1 C:\Windows\ehome\ehtray.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avastc&type=756
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avastc&type=756
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O4 - Global User Startup: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global User Startup: DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global User Startup: HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe
O4 - Global User Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
O4 - Global User Startup: USB Sharing.lnk -> C:\Program Files\USB Sharing\usbshare.exe
O4 - HKCU\..\: [Cancel_PIP] 1
O4 - HKCU\..\: [Resume] 0
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZAM] "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKU\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKU\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - MSConfig\startupreg: [Ad-Watch] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [Adobe Reader Speed Launcher] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [BDRegion] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [Dell PC TuneUp Startup] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [EPLTarget] (2017/01/02) (no file)
O4 - MSConfig\startupreg: [LanguageShortcut] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [Monitor] (2015/09/04) (no file)
O4 - MSConfig\startupreg: [QuickTime Task] (2011/08/11) (no file)
O4 - MSConfig\startupreg: [RemoteControl] (2010/03/09) (no file)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (HKLM)
O17 - DHCP DNS - 1: 10.110.4.175
O22 - ScheduledTask: (Ready) ManualDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe \\?\Volume{92cc5bc4-46ba-11dc-9fe6-806e6f6e6963}\ \\?\Volume{92cc5bc5-46ba-11dc-9fe6-806e6f6e6963}\ \\?\Volume{92cc5bc6-46ba-11dc-9fe6-806e6f6e6963}\
O22 - ScheduledTask: (Ready) ScheduledDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe -c -i -g
O23 - Service R2: Bitdefender Desktop Update Service - (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service R2: Bitdefender Virus Shield - (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service R2: CodeMeter Runtime Server - (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service R2: Intel(R) Matrix Storage Event Monitor - (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service R2: NVIDIA Stereoscopic 3D Driver Service - (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - Copyright 2017. - C:\Program Files\Zemana AntiMalware\ZAM.exe
O23 - Service S2: NVIDIA Update Service Daemon - (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Bitdefender Desktop Parental Control - (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
O23 - Service S3: InstallDriver Table Manager - (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service S3: Windows Installer - (msiserver) - Microsoft Corporation - C:\Windows\system32\msiexec /V.exe (file missing)

--
End of file - Time spent: 12 sec. - 17364 bytes, CRC32: FFFFFFFF. Sign:

ﰟ

 

[Malnutrition]

HijackThis Fix.

Locate the HijackThis file, Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.


O4 - Global User Startup: DataViz Inc Messenger.lnk -> C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global User Startup: HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe
O4 - Global User Startup: ImageMixer 3 SE Camera Monitor Ver.3.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
O4 - Global User Startup: USB Sharing.lnk -> C:\Program Files\USB Sharing\usbshare.exe
O4 - HKCU\..\: [Cancel_PIP] 1
O4 - HKCU\..\: [Resume] 0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKU\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKU\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKU\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKU\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - MSConfig\startupreg: [Ad-Watch] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [Adobe Reader Speed Launcher] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [BDRegion] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [Dell PC TuneUp Startup] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [EPLTarget] (2017/01/02) (no file)
O4 - MSConfig\startupreg: [LanguageShortcut] (2010/03/09) (no file)
O4 - MSConfig\startupreg: [Monitor] (2015/09/04) (no file)
O4 - MSConfig\startupreg: [QuickTime Task] (2011/08/11) (no file)
O4 - MSConfig\startupreg: [RemoteControl] (2010/03/09) (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) (HKLM)
O22 - ScheduledTask: (Ready) ManualDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe \\?\Volume{92cc5bc4-46ba-11dc-9fe6-806e6f6e6963}\ \\?\Volume{92cc5bc5-46ba-11dc-9fe6-806e6f6e6963}\ \\?\Volume{92cc5bc6-46ba-11dc-9fe6-806e6f6e6963}\
O22 - ScheduledTask: (Ready) ScheduledDefrag - \Microsoft\Windows\Defrag - C:\Windows\system32\defrag.exe -c -i -g
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe


Now click on fix checked.
After the fix is complete, then reboot your machine.



Something regenerated a file, we removed it twice already. No evidence it is back now... I want to make sure the last fix got it!!

Lets see if it is back.

C:\Users\Glen\AppData\Local\1e17e => moved successfully
C:\Users\Glen\AppData\Local\1e17e => moved successfully


Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste 1e17e into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.


Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all other the running programs
• Disable ALL Antivirus -- Antimalware -- Applications.
• Right Click Rogue Killer and Run as Administrator.
• Click the Start Scan button.
• Allow the scan to run -- it can take ten minutes or more.
• Once the scan is complete check All items for removal.
• 
  
  
• After All items are checked then press Remove Selected.
  
• Wait until the Status box shows Deleting Finished.
• Click on open report -- then open txt
  
• Copy the content of the report and paste it here in your next reply.

 

[clarkgriswold]

Procedures followed and scans were run... This is the latest:

Everything search engine results:
C:\Program Files\Bitdefender\Bitdefender 2015\mitm_cache\cache\92a81516bf62e1fcfb1e44e51e17ef0a6ede50e9t

RogueKiller V12.9.8.0 [Feb 21 2017] (Free) by Adlice Software

mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Glen [Administrator]
Started from : C:\Users\Glen\Desktop\RogueKiller.exe
Mode : Delete -- Date : 02/23/2017 23:55:59 (Duration : 00:57:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Deleted
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_E_4E25\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[PUM.Proxy] HKEY_LOCAL_MACHINE\RK_System_ON_E_2A9C\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.110.4.175 ([]) -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98C63B37-7ECC-43D4-AA4D-322215D7E7A2} | DhcpNameServer : 10.110.4.175 ([]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] pooixovy.default-1413691062373 : user_pref("browser.startup.homepage", "https://duckduckgo.com/"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 511052c2894b04abe8c83e7afcf212ea
[BSP] 12363dafc8b1110c9583683a9ba0f769 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21084160 | Size: 171264 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 371832832 | Size: 56856 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

[Malnutrition]

Looks like the last fix removed the malware for good! :thumbsup:

One final check for malware, then I will feel confident to send you on your way with a clean machine.



Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy the items in red below, and paste them into Zoek.


createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.



Security Check Scan.

• 
  
  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

[clarkgriswold]

Unfortunately, I could not run either application.

I have attached my screen shot errors below.

 

[Malnutrition]

Unfortunately, I could not run either application.

No problem sometimes these programs do not work on some machines...

Instead, lets do a final check with Eset Online Scanner.

ESET Online Scanner

Important note: This scan may take an extended amount of time, make certain your machine does not go to sleep.

• Click here to download the installer for ESET Online Scanner and save it to your Desktop.
• Disable all your antivirus and antimalware software
  
• Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
• Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
• Select Enable detection of potentially unwanted applications.
• Click Advanced Settings, then place a checkmark in the following:
  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Click Start to begin scanning.
• ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
• When the scan is done, click List threats (only available if ESET Online Scanner found something).
• Click Export, then save the file to your desktop.
• Click Back, then Finish to exit ESET Online Scanner.

 

[clarkgriswold]

ESET picked up a few items, file attached...

 

[Malnutrition]

Ok, things are running smooth now?
No more issues?
Do you consider this matter solved?

Here are couple of free antivirus that are really good. In order of my personal preference...

SecureAplus -- Free for a year.
Panda Cloud Free.
Sophos Home -- Good but a little heavy on resources.
360 Total Security

Add these to the above for solid protection...

VooDooShield. -- Slightly annoying while it learns your machine, but after that a solid piece of software to have on your machine.
Ublock origin.
Anti Ad block Killer.
Ad Blocking DNS -- Set this on your router to block most ads on all your devices.