Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


finish off malware removal


Re: finish off malware removal

Post by Blazinby » January 26th, 2016, 7:07 pm

Hi capnkrunch :) ,

Managed to boot in safe mode using the method you described.

Once in safe mode, msconfig directed me to use the task manager to enable startup items. I enabled all individually and my PC now loads everything in normal startup.

Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by stephen (2016-01-26 20:49:45) Run:3
Running from C:\Users\stephen\Downloads
Loaded Profiles: stephen (Available Profiles: stephen & maggi_000 & cmcga_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
[-HKEY_USERS\S-1-5-18\Software\Google\Chrome]
[-HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Google\Chrome]
[-HKEY_USERS\.DEFAULT\Software\Google\Chrome]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome]

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96} => key removed successfully
HKEY_USERS\S-1-5-18\Software\Google\Chrome => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-18\Software\Google\Chrome => key removed successfully
HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Google\Chrome => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-3488279127-63086370-3813774398-1001\SOFTWARE\Google\Chrome => key removed successfully
HKEY_USERS\.DEFAULT\Software\Google\Chrome => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 239.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:50:06 ====
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Post by Blazinby » January 26th, 2016, 7:08 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by stephen (administrator) on MAGGIE (26-01-2016 20:56:53)
Running from C:\Users\stephen\Downloads
Loaded Profiles: stephen (Available Profiles: stephen & maggi_000 & cmcga_000)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
() C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Users\stephen\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\stephen\AppData\Local\Akamai\netsession_win.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Sapro Systems) C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [81944 2015-04-01] (Sapro Systems)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-17] (Autodesk Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87160 2015-11-12] ()
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [AdobeBridge] => C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [13145448 2008-08-28] (Adobe Systems, Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [Akamai NetSession Interface] => C:\Users\stephen\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\RunOnce: [Uninstall C:\Users\stephen\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\stephen\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
Startup: C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{9aaae056-d5ce-4a6d-8bc3-858c059e961a}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3488279127-63086370-3813774398-1001 -> DefaultScope {C2415D81-242C-4BA6-B59A-8EDB5E7B07F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3488279127-63086370-3813774398-1001 -> {C2415D81-242C-4BA6-B59A-8EDB5E7B07F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\iqn7ummx.default-1449965770414
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3488279127-63086370-3813774398-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-17] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-12-04] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-12-04] (ELECOM)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 20:56 - 2016-01-26 20:57 - 00020216 _____ C:\Users\stephen\Downloads\FRST.txt
2016-01-26 20:49 - 2016-01-26 20:50 - 00002186 _____ C:\Users\stephen\Downloads\Fixlog.txt
2016-01-26 20:46 - 2016-01-26 20:46 - 02370560 _____ (Farbar) C:\Users\stephen\Downloads\FRST64.exe
2016-01-26 16:07 - 2016-01-26 16:07 - 00001221 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-01-26 16:03 - 2016-01-26 16:03 - 00002106 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2016-01-26 15:56 - 2016-01-26 15:57 - 00211928 _____ C:\WINDOWS\ntbtlog.txt
2016-01-26 15:56 - 2016-01-26 15:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-26 08:08 - 2016-01-26 08:08 - 02167119 _____ C:\Users\maggi_000\Downloads\Is Scotland Fair Report(1).pdf
2016-01-26 08:05 - 2016-01-26 08:05 - 02167119 _____ C:\Users\maggi_000\Downloads\Is Scotland Fair Report.pdf
2016-01-26 08:02 - 2016-01-26 08:02 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
2016-01-26 08:02 - 2016-01-26 08:02 - 00000000 ____D C:\Users\TEMP
2016-01-25 21:55 - 2016-01-25 21:55 - 00275837 _____ C:\Users\stephen\Downloads\finish off malware removal _ Free Malware Removal Forum.htm
2016-01-25 21:55 - 2016-01-25 21:55 - 00000000 ____D C:\Users\stephen\Downloads\finish off malware removal _ Free Malware Removal Forum_files
2016-01-24 16:43 - 2016-01-24 16:43 - 00638003 _____ C:\Users\maggi_000\Downloads\Fairer_Scotland_Poster(1).pdf
2016-01-24 15:47 - 2016-01-24 15:47 - 00671447 _____ C:\Users\maggi_000\Downloads\PLP Annual Report_2014_15.pdf
2016-01-24 15:46 - 2016-01-24 15:46 - 00352777 _____ C:\Users\maggi_000\Downloads\PersonalPledges.pdf
2016-01-24 15:17 - 2016-01-24 15:17 - 00751616 _____ C:\Users\maggi_000\Downloads\CPAG-Scot-Cost-Of-School-Day-Summary(Oct15)_1.pdf
2016-01-24 12:32 - 2016-01-24 12:32 - 00640680 _____ C:\Users\maggi_000\Downloads\Stephanie_Plotnikoff_Presentation.pdf
2016-01-24 11:00 - 2016-01-24 11:00 - 01046993 _____ C:\Users\maggi_000\Downloads\Health and Homelessness Report 2015 (final)_0.pdf
2016-01-23 13:34 - 2016-01-23 13:34 - 00638003 _____ C:\Users\maggi_000\Downloads\Fairer_Scotland_Poster.pdf
2016-01-23 12:58 - 2016-01-23 12:58 - 00546934 _____ C:\Users\maggi_000\Downloads\creating-a-fairer-scotland-what-matters-to-you.pdf
2016-01-23 12:58 - 2016-01-23 12:58 - 00000000 ____D C:\Users\maggi_000\AppData\Local\CEF
2016-01-23 12:39 - 2016-01-23 12:39 - 00028597 _____ C:\Users\maggi_000\Downloads\FAQ-35.pdf
2016-01-23 12:10 - 2016-01-23 12:10 - 00635179 _____ C:\Users\maggi_000\Downloads\Report.pdf
2016-01-21 22:35 - 2016-01-21 22:35 - 00025715 _____ C:\Users\stephen\Desktop\Search.txt
2016-01-21 22:32 - 2016-01-21 22:32 - 00001409 _____ C:\Users\stephen\Desktop\mbam.txt
2016-01-21 22:22 - 2016-01-21 22:22 - 00003340 _____ C:\Users\stephen\Desktop\Fixlog.txt
2016-01-21 22:18 - 2016-01-21 22:18 - 02370560 _____ (Farbar) C:\Users\stephen\Desktop\FRST64.exe
2016-01-21 11:24 - 2016-01-21 11:24 - 00509583 _____ C:\Users\maggi_000\Downloads\NES - EbyE Tender Response ALLIN FINAL(1).pdf
2016-01-20 04:03 - 2016-01-16 11:03 - 00000030 _____ C:\AVScanner.ini
2016-01-18 08:27 - 2016-01-18 08:28 - 00686249 _____ C:\Users\maggi_000\Downloads\Poster(1).pdf
2016-01-17 19:11 - 2016-01-17 19:11 - 00000264 _____ C:\Users\stephen\Desktop\teamspeak.ini
2016-01-17 12:37 - 2016-01-17 12:37 - 03422072 _____ C:\Users\maggi_000\Downloads\APPX 4 Working it Out Report.PDF
2016-01-17 12:36 - 2016-01-17 12:36 - 00742236 _____ C:\Users\maggi_000\Downloads\APPX 6 GHN Annual ODM Monitoring Report 2014-15 FINAL.pdf
2016-01-17 12:36 - 2016-01-17 12:36 - 00323177 _____ C:\Users\maggi_000\Downloads\APPX 5 Money Talks Survey.pdf
2016-01-17 12:32 - 2016-01-17 12:32 - 02641949 _____ C:\Users\maggi_000\Downloads\APPX 2 Argyll & Bute Strategic Plan Consultation.pdf
2016-01-17 12:30 - 2016-01-17 12:30 - 00373864 _____ C:\Users\maggi_000\Downloads\APPX 3 GHN Homelessness 10 Year Audit.pdf
2016-01-17 12:28 - 2016-01-17 12:28 - 00509583 _____ C:\Users\maggi_000\Downloads\NES - EbyE Tender Response ALLIN FINAL.pdf
2016-01-17 12:26 - 2016-01-17 12:26 - 00497574 _____ C:\Users\maggi_000\Downloads\A&B ADP Tender Response (IE at GHN).pdf
2016-01-17 11:42 - 2016-01-17 11:42 - 00686249 _____ C:\Users\maggi_000\Downloads\Poster.pdf
2016-01-16 19:30 - 2016-01-16 19:30 - 00331357 _____ C:\Users\maggi_000\Downloads\Hostelworld_PDF_Guide_Glasgow.pdf
2016-01-16 18:25 - 2016-01-16 18:25 - 00820607 _____ C:\Users\maggi_000\Downloads\The-Golden-Lion-Chrismas-Brochure.pdf
2016-01-16 07:40 - 2016-01-16 07:40 - 01856929 _____ C:\Users\maggi_000\Downloads\HomelessnessMonitorScotland_FINAL.pdf
2016-01-14 22:53 - 2016-01-14 22:53 - 00002560 _____ C:\WINDOWS\_MSRSTRT.EXE
2016-01-14 01:12 - 2016-01-14 01:17 - 01754112 _____ C:\Users\stephen\Desktop\adwcleaner_5.029.exe
2016-01-14 01:02 - 2016-01-14 01:02 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-01-13 07:48 - 2016-01-13 07:48 - 00433106 _____ C:\Users\maggi_000\Downloads\UKMail-Delivery-Card-0564321.pdf
2016-01-13 07:35 - 2016-01-13 07:35 - 00325087 _____ C:\Users\maggi_000\Downloads\Invitation to Tender - ASL Market Testing project - Jan 2016.pdf
2016-01-13 01:27 - 2016-01-13 01:27 - 00006098 _____ C:\Users\stephen\Desktop\report.txt
2016-01-13 01:23 - 2016-01-13 01:23 - 00000239 _____ C:\Users\stephen\Desktop\ckfiles.txt
2016-01-13 01:22 - 2016-01-13 01:23 - 00468480 _____ () C:\Users\stephen\Desktop\CKScanner.exe
2016-01-12 22:50 - 2016-01-05 02:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 22:50 - 2016-01-05 02:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 22:50 - 2016-01-05 02:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 22:50 - 2016-01-05 02:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 22:50 - 2016-01-05 02:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 22:50 - 2016-01-05 02:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 22:50 - 2016-01-05 02:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 22:50 - 2016-01-05 02:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 22:50 - 2016-01-05 02:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 22:50 - 2016-01-05 02:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 22:50 - 2016-01-05 02:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 22:50 - 2016-01-05 02:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 22:50 - 2016-01-05 02:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 22:50 - 2016-01-05 02:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 22:50 - 2016-01-05 02:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 22:50 - 2016-01-05 02:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 22:50 - 2016-01-05 02:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 22:50 - 2016-01-05 02:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 22:50 - 2016-01-05 02:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 22:50 - 2016-01-05 02:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 22:50 - 2016-01-05 02:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 22:50 - 2016-01-05 02:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 22:50 - 2016-01-05 02:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 22:50 - 2016-01-05 02:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 22:50 - 2016-01-05 01:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 22:50 - 2016-01-05 01:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 22:50 - 2016-01-05 01:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 22:50 - 2016-01-05 01:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 22:50 - 2016-01-05 01:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 22:50 - 2016-01-05 01:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 22:50 - 2016-01-05 01:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 22:50 - 2016-01-05 01:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 22:50 - 2016-01-05 01:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 22:50 - 2016-01-05 01:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 22:50 - 2016-01-05 01:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 22:50 - 2016-01-05 01:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 22:50 - 2016-01-05 01:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 22:50 - 2016-01-05 01:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 22:50 - 2016-01-05 01:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 22:50 - 2016-01-05 01:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 22:50 - 2016-01-05 01:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 22:50 - 2016-01-05 01:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 22:50 - 2016-01-05 01:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 22:50 - 2016-01-05 01:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 22:50 - 2016-01-05 01:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 22:50 - 2016-01-05 01:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 22:50 - 2016-01-05 01:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 22:50 - 2016-01-05 01:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 22:50 - 2016-01-05 01:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 22:50 - 2016-01-05 01:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 22:50 - 2016-01-05 01:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 22:50 - 2016-01-05 01:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 22:50 - 2016-01-05 01:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 22:50 - 2016-01-05 01:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 22:50 - 2016-01-05 01:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:50 - 2016-01-05 01:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 22:50 - 2016-01-05 01:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:50 - 2016-01-05 01:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 22:50 - 2016-01-05 01:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 22:50 - 2016-01-05 01:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 22:50 - 2016-01-05 01:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 22:50 - 2016-01-05 01:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 22:50 - 2016-01-05 01:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 22:50 - 2016-01-05 01:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 22:50 - 2016-01-05 01:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 22:50 - 2016-01-05 01:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 22:50 - 2016-01-05 01:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 22:50 - 2016-01-05 01:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 22:50 - 2016-01-05 01:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 22:50 - 2016-01-05 01:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 15:52 - 2016-01-12 15:52 - 00000000 ___RD C:\Sandbox
2016-01-12 15:51 - 2016-01-21 22:32 - 00001018 _____ C:\Users\stephen\Desktop\Sandboxed Web Browser.lnk
2016-01-12 15:50 - 2016-01-20 16:15 - 00001730 _____ C:\WINDOWS\Sandboxie.ini
2016-01-12 15:50 - 2016-01-12 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-01-12 15:50 - 2016-01-12 15:50 - 00000000 ____D C:\Program Files\Sandboxie
2016-01-12 13:42 - 2016-01-12 13:46 - 00000000 ____D C:\Users\stephen\AppData\Roaming\ImgBurn
2016-01-12 13:31 - 2016-01-21 22:32 - 00001953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-01-12 13:31 - 2016-01-21 22:32 - 00001941 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2016-01-12 13:31 - 2016-01-12 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-01-12 13:31 - 2016-01-12 13:31 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-01-12 00:08 - 2016-01-12 00:09 - 00058014 _____ C:\Users\stephen\Documents\cc_20160112_000856.reg
2016-01-11 23:40 - 2016-01-26 20:56 - 00000000 ____D C:\FRST
2016-01-11 15:41 - 2016-01-11 15:41 - 00291534 _____ C:\Users\stephen\Documents\cc_20160111_154141.reg
2016-01-11 15:40 - 2016-01-21 22:32 - 00000914 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-11 15:37 - 2016-01-21 22:32 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-11 15:37 - 2016-01-21 22:32 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-11 15:37 - 2016-01-11 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-09 11:32 - 2016-01-09 11:32 - 00668602 _____ C:\Users\maggi_000\Downloads\Important information about charges_07012016.pdf
2016-01-08 20:15 - 2016-01-08 20:15 - 01592131 _____ C:\Users\maggi_000\Downloads\interim-ll2u-leaflet-july-2015-v1a.pdf
2016-01-08 18:35 - 2016-01-08 18:35 - 00235046 _____ C:\Users\maggi_000\Downloads\bef30f_316d48295b844ad8b4980721cfe3b9a5(2).pdf
2016-01-08 18:34 - 2016-01-08 18:34 - 00235046 _____ C:\Users\maggi_000\Downloads\bef30f_316d48295b844ad8b4980721cfe3b9a5(1).pdf
2016-01-08 08:47 - 2016-01-08 08:47 - 00046069 _____ C:\Users\maggi_000\Downloads\Invoice-24191791.pdf
2016-01-07 20:17 - 2016-01-07 20:17 - 00242118 _____ C:\Users\maggi_000\Downloads\Order-24191791-Docs-080130.pdf
2016-01-07 20:17 - 2016-01-07 20:17 - 00010982 _____ C:\Users\maggi_000\Downloads\footwear-declaration.pdf
2016-01-07 19:55 - 2016-01-07 19:55 - 00309039 _____ C:\Users\maggi_000\Downloads\20150731_ReturnForm.pdf
2016-01-07 19:33 - 2016-01-16 01:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 07:16 - 2016-01-07 07:16 - 00055367 _____ C:\Users\maggi_000\Downloads\Your account is still overdrawn_04012016.pdf
2016-01-07 07:16 - 2016-01-07 07:16 - 00054156 _____ C:\Users\maggi_000\Downloads\Information about your overdraft charges_06012016.pdf
2016-01-07 00:33 - 2016-01-21 22:32 - 00000744 _____ C:\Users\stephen\Desktop\College 2016 - Shortcut.lnk
2016-01-06 21:54 - 2016-01-21 22:32 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 21:54 - 2016-01-21 22:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-06 21:54 - 2016-01-06 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-06 21:54 - 2016-01-06 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 21:54 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-06 21:54 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-06 21:54 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-06 21:42 - 2016-01-06 21:42 - 03399774 _____ C:\Users\stephen\Downloads\03 Track 3(1).wma
2016-01-06 21:42 - 2016-01-06 21:42 - 02975478 _____ C:\Users\stephen\Downloads\07 Track 7(1).wma
2016-01-06 21:41 - 2016-01-06 21:41 - 04720470 _____ C:\Users\stephen\Downloads\08 Track 8(1).wma
2016-01-06 21:41 - 2016-01-06 21:41 - 02975478 _____ C:\Users\stephen\Downloads\07 Track 7.wma
2016-01-06 21:40 - 2016-01-06 21:41 - 03399774 _____ C:\Users\stephen\Downloads\03 Track 3.wma
2016-01-06 18:45 - 2016-01-06 18:45 - 04720470 _____ C:\Users\stephen\Downloads\08 Track 8.wma
2016-01-06 12:42 - 2016-01-21 22:32 - 00002649 _____ C:\Users\stephen\Desktop\Microsoft Office Project 2007.lnk
2016-01-05 17:32 - 2016-01-05 17:32 - 00006548 _____ C:\Users\maggi_000\Downloads\Payslip for Tax Week_40, Tax Year_2015-2016.pdf
2016-01-05 17:32 - 2016-01-05 17:32 - 00006548 _____ C:\Users\maggi_000\Downloads\Payslip for Tax Week_40, Tax Year_2015-2016(1).pdf
2016-01-04 13:00 - 2016-01-04 13:00 - 00496846 _____ C:\Users\maggi_000\Downloads\S430-0415-web.pdf
2016-01-04 11:19 - 2016-01-04 11:19 - 01693393 _____ C:\Users\maggi_000\Downloads\The_Next_Piece_2015.pdf
2016-01-04 11:18 - 2016-01-04 11:18 - 01036107 _____ C:\Users\maggi_000\Downloads\What_piece_next_poster..pdf
2016-01-03 10:44 - 2016-01-03 10:44 - 00109494 _____ C:\Users\maggi_000\Downloads\TSB-VISA-DEBIT-T-and-Cs.pdf
2016-01-02 10:53 - 2016-01-02 10:53 - 00235046 _____ C:\Users\maggi_000\Downloads\bef30f_316d48295b844ad8b4980721cfe3b9a5.pdf
2016-01-01 11:20 - 2016-01-11 13:40 - 00002543 _____ C:\Users\maggi_000\Desktop\Kindle.lnk
2016-01-01 11:20 - 2016-01-01 14:42 - 00000000 ____D C:\Users\maggi_000\Documents\My Kindle Content
2016-01-01 11:20 - 2016-01-01 11:20 - 00000000 ____D C:\Users\maggi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-01-01 11:20 - 2016-01-01 11:20 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Amazon
2015-12-31 08:24 - 2015-12-31 08:24 - 00055874 _____ C:\Users\maggi_000\Downloads\Information about your overdraft charges_30122015.pdf
2015-12-29 14:54 - 2015-12-29 14:54 - 00313224 _____ C:\Users\maggi_000\Downloads\SCoDCon16 Invite V1.pdf
2015-12-27 23:33 - 2087-05-20 11:08 - 03407872 _____ C:\Users\stephen\Desktop\SPOT0000.avi
2015-12-27 12:22 - 2015-12-27 12:22 - 00838493 _____ C:\Users\maggi_000\Downloads\Calendar 1(1).pdf
2015-12-27 12:21 - 2015-12-27 12:21 - 00838493 _____ C:\Users\maggi_000\Downloads\Calendar 1.pdf
2015-12-27 12:21 - 2015-12-27 12:21 - 00054524 _____ C:\Users\maggi_000\Downloads\Street A-Z.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 20:53 - 2015-05-27 13:25 - 00000000 ____D C:\Users\stephen\AppData\Roaming\Skype
2016-01-26 20:51 - 2015-10-05 11:24 - 00000000 ___RD C:\Users\stephen\Creative Cloud Files
2016-01-26 20:51 - 2015-05-22 18:59 - 00000000 ____D C:\ProgramData\WinCalendarV4
2016-01-26 20:51 - 2014-07-19 10:51 - 00000000 ____D C:\Users\stephen\AppData\Local\Adobe
2016-01-26 20:51 - 2014-07-05 10:05 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-26 20:50 - 2015-12-10 04:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-26 20:50 - 2015-12-10 03:57 - 00000000 ____D C:\Users\stephen
2016-01-26 20:50 - 2015-12-10 03:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-26 20:50 - 2015-10-30 06:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-01-26 20:50 - 2015-10-05 21:26 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 20:41 - 2014-06-07 14:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-26 20:36 - 2015-10-05 21:26 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 20:10 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-26 20:10 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-26 16:11 - 2014-06-10 16:43 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1A324D8-A069-4CDA-8F5D-86DAF40AA30B}
2016-01-26 16:09 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-26 16:09 - 2015-08-11 11:25 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-26 16:07 - 2014-07-19 10:53 - 00001233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-26 16:07 - 2014-07-19 10:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-26 16:07 - 2014-06-07 11:05 - 00000000 ____D C:\Users\stephen\AppData\Roaming\Adobe
2016-01-26 16:03 - 2015-10-30 06:28 - 00000000 ____D C:\Windows
2016-01-26 16:03 - 2015-08-11 17:41 - 00002413 _____ C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-26 16:03 - 2014-11-11 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-01-26 16:03 - 2014-06-28 08:47 - 00000000 ____D C:\Users\stephen\AppData\Local\Autodesk
2016-01-26 16:03 - 2014-06-07 14:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-26 16:03 - 2014-06-07 11:05 - 00000000 __RDO C:\Users\stephen\OneDrive
2016-01-26 15:45 - 2014-06-15 10:28 - 00000000 __RDO C:\Users\maggi_000\OneDrive
2016-01-26 14:07 - 2014-06-15 10:50 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AF793571-E11C-48A3-B5C9-1D59E4B08831}
2016-01-26 08:02 - 2014-06-07 11:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-26 03:49 - 2015-02-21 14:00 - 00000000 ____D C:\Users\stephen\AppData\Roaming\TS3Client
2016-01-23 12:58 - 2014-07-19 10:50 - 00000000 ____D C:\Users\maggi_000\AppData\Local\Adobe
2016-01-23 05:41 - 2014-12-03 20:59 - 00000482 _____ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2016-01-22 17:00 - 2015-10-28 19:50 - 00000000 ____D C:\Users\cmcga_000\Desktop\Diploma
2016-01-21 22:32 - 2015-12-20 16:23 - 00001978 _____ C:\Users\stephen\Desktop\Install Now Autodesk® AutoCAD® 2015.lnk
2016-01-21 22:32 - 2015-12-10 04:00 - 00001552 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-21 22:32 - 2015-10-05 21:26 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-01-21 22:32 - 2015-10-05 11:31 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-01-21 22:32 - 2015-09-29 18:26 - 00001205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS4.lnk
2016-01-21 22:32 - 2015-09-29 18:25 - 00001524 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
2016-01-21 22:32 - 2015-09-29 18:25 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
2016-01-21 22:32 - 2015-09-29 18:22 - 00001491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2016-01-21 22:32 - 2015-09-29 18:22 - 00001363 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
2016-01-21 22:32 - 2015-07-20 18:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-21 22:32 - 2015-05-27 13:33 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-21 22:32 - 2015-05-02 16:00 - 00000992 _____ C:\Users\stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-01-21 22:32 - 2015-04-16 17:14 - 00000690 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\leafDrums 2.lnk
2016-01-21 22:32 - 2014-09-10 16:56 - 00002619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2016-01-21 22:32 - 2014-09-10 16:56 - 00002609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2016-01-21 22:32 - 2014-07-28 11:48 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-01-21 22:32 - 2014-07-22 09:45 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-01-21 01:15 - 2015-05-27 13:33 - 00003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432733584
2016-01-21 01:15 - 2015-05-27 13:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-20 04:21 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-20 04:21 - 2015-02-01 02:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-19 02:49 - 2015-03-23 22:26 - 00000000 ____D C:\Users\stephen\AppData\Roaming\vlc
2016-01-17 19:12 - 2015-07-20 18:09 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-16 01:58 - 2015-06-25 07:36 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-16 01:58 - 2015-05-09 15:06 - 00000000 ____D C:\Users\stephen\AppData\LocalLow\Temp
2016-01-16 01:46 - 2015-04-06 08:48 - 00000000 ____D C:\AdwCleaner
2016-01-14 22:52 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-01-14 22:48 - 2014-09-05 20:51 - 00000000 ____D C:\ProgramData\MFAData
2016-01-14 22:45 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-14 21:52 - 2014-08-18 09:13 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A0A23C3-EEE7-4D3A-958A-5A37272D507E}
2016-01-14 19:35 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-14 01:05 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-13 12:40 - 2015-08-14 18:18 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Comms
2016-01-13 11:13 - 2014-08-17 17:11 - 00000000 ____D C:\Users\cmcga_000\AppData\Local\Packages
2016-01-13 00:41 - 2014-06-27 22:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 00:41 - 2014-06-27 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 00:40 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-12 23:10 - 2015-11-26 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-12 23:10 - 2015-02-01 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-12 23:10 - 2014-06-27 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 23:09 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 23:08 - 2014-06-12 00:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 23:06 - 2014-06-12 00:18 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 06:58 - 2015-12-10 03:57 - 00000000 ____D C:\Users\maggi_000
2016-01-12 06:58 - 2015-12-10 03:57 - 00000000 ____D C:\Users\cmcga_000
2016-01-12 00:01 - 2015-11-26 19:23 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-12 00:01 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-12 00:01 - 2014-09-10 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-12 00:01 - 2014-09-10 16:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-11 15:42 - 2014-06-07 11:05 - 00000000 ____D C:\Users\stephen\AppData\Local\Packages
2016-01-08 18:33 - 2014-09-14 11:10 - 00186016 _____ C:\Users\maggi_000\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-07 19:08 - 2014-06-16 08:13 - 00000551 _____ C:\Users\maggi_000\Desktop\our nos.txt
2016-01-06 22:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\PLA
2016-01-06 21:46 - 2015-12-10 03:55 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-06 12:47 - 2015-12-19 15:57 - 00561682 _____ C:\Users\stephen\Desktop\CT_Ind_-_Com_Tutorial_LO1-_2015_B.pdf
2016-01-05 19:23 - 2014-09-15 12:11 - 00186016 _____ C:\Users\stephen\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-05 06:26 - 2015-12-10 03:55 - 03184824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-05 06:24 - 2015-10-30 18:08 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-03 01:40 - 2015-10-30 07:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 01:40 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 11:31 - 2014-06-15 10:26 - 00000000 ____D C:\Users\maggi_000\AppData\Roaming\Adobe
2015-12-30 03:19 - 2014-06-28 08:39 - 00000000 ____D C:\Users\stephen\AppData\Roaming\Autodesk
2015-12-30 03:19 - 2014-06-28 08:39 - 00000000 ____D C:\ProgramData\Autodesk
2015-12-30 03:18 - 2015-02-01 02:09 - 00000000 ____D C:\Users\stephen\AppData\Local\Microsoft Help
2015-12-29 05:41 - 2014-06-07 14:06 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-11-09 12:48 - 2015-11-09 12:48 - 0219654 _____ () C:\Users\stephen\AppData\Local\ars.cache
2015-11-09 12:48 - 2015-11-09 12:48 - 0516250 _____ () C:\Users\stephen\AppData\Local\census.cache
2015-11-09 12:41 - 2015-11-09 12:41 - 0000036 _____ () C:\Users\stephen\AppData\Local\housecall.guid.cache
2014-06-08 11:28 - 2015-09-08 23:02 - 0007601 _____ () C:\Users\stephen\AppData\Local\Resmon.ResmonCfg
2015-11-09 12:46 - 2015-11-09 12:46 - 0000010 _____ () C:\Users\stephen\AppData\Local\sponge.last.runtime.cache
2015-12-10 03:56 - 2015-12-10 03:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-28 08:42 - 2014-06-28 08:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-12-21 15:10 - 2015-12-21 15:10 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-24 10:26

==================== End of FRST.txt ============================
Blazinby

Re: finish off malware removal

by Blazinby » January 26th, 2016, 7:09 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by stephen (2016-01-26 20:57:17)
Running from C:\Users\stephen\Downloads
Windows 10 Home (X64) (2015-12-10 04:06:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3488279127-63086370-3813774398-500 - Administrator - Disabled)
cmcga_000 (S-1-5-21-3488279127-63086370-3813774398-1005 - Limited - Enabled) => C:\Users\cmcga_000
DefaultAccount (S-1-5-21-3488279127-63086370-3813774398-503 - Limited - Disabled)
Guest (S-1-5-21-3488279127-63086370-3813774398-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3488279127-63086370-3813774398-1003 - Limited - Enabled)
maggi_000 (S-1-5-21-3488279127-63086370-3813774398-1004 - Limited - Enabled) => C:\Users\maggi_000
stephen (S-1-5-21-3488279127-63086370-3813774398-1001 - Administrator - Enabled) => C:\Users\stephen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe InDesign CS4 (HKLM-x32\...\Adobe_1710d324011afc3e7658e969025f4ba) (Version: 6.0 - Adobe Systems Incorporated)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aslain's XVM WoT Modpack version 9.13.07 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 9.13.07 - Aslain)
AutoCAD 2014 - English (Version: 19.1.108.1 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.42.0 - Autodesk) Hidden
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.107.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.9 - Autodesk)
Autodesk AutoCAD 2014 - English SP1 (HKLM\...\AutoCAD 2014 - English SP1) (Version: 1 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1175 - Steinberg Media Technologies GmbH)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Fallout 3 (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FARO LS 1.1.503.3 (64bit) (HKLM-x32\...\{1C05E654-FB81-4274-BF32-292E3707701D}) (Version: 5.3.3.38662 - FARO Scanner Production)
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version: - Gearbox Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
leafdigital leafDrums 2.1 (HKLM-x32\...\leafDrums2) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.107.05220 (HKLM-x32\...\{7348D0F2-3DAC-0BE7-4E7C-64844D2E3CA9}) (Version: 2.20.107.05220 - Sony)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 43.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-GB)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NBS Create (HKLM-x32\...\{A0AF8432-76A3-4269-86A8-15E2CA9ACC5C}) (Version: 1.05.0003 - NBS)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartDraw 2010 (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\SmartDraw 2010) (Version: - )
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steinberg Cubase LE AI Elements 6 64bit (HKLM\...\{8EEEB23E-A3EB-44A4-AEE9-D2FD6F96E4A0}) (Version: 6.0.3 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.5.2.000 - Steinberg Media Technologies GmbH)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Thunder Master v2.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 2.4.0.0 - Palit Microsystems Ltd.)
Update for Skype for Business 2015 (KB3114502) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{B4DBD8FE-927A-4BAF-9158-D71D2EE4C00F}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WinCalendar V4 (HKLM-x32\...\WinCalendar V4) (Version: 4.31 - Sapro Systems)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3E48168F0BF5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\stephen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3488279127-63086370-3813774398-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0FBB4C60-A94D-48A5-BAD7-5625DDF2A7D0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {1663F876-BDF6-4166-B3B9-F3D0EFE29C82} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {18FCD4A7-8F8B-463C-93F0-201D321FE4D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {2E599E7B-8934-48F7-BE8F-E50B24D2FBD1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {30DF0F10-D2C7-4F42-A8B6-1BE45573F78E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {515957AE-8084-4613-AAB3-7CCAA5426F5D} - System32\Tasks\{3B00E05A-55A2-420D-AB18-BDBC1D5086E0} => pcalua.exe -a E:\Setup.now.exe -d E:\
Task: {61278F75-ACB1-49D1-9937-E27748F0BCB1} - System32\Tasks\{7BEE6A47-035C-4DE7-819A-FF8321383B81} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=install baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4641.1003 culture=en-us productstoremove=ProPlusRetail_en-us_x-none
Task: {72AF2AEC-1647-49B2-85BC-DBCF7E051389} - System32\Tasks\Opera scheduled Autoupdate 1432733584 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
Task: {72B00A12-E3EE-4696-A4F6-9DB6769FDF68} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {732737F0-55DD-4740-AAC8-9A825BE999FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {8D469930-866F-4944-B9D7-40DEA54E9A91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {8DFBE616-7074-45BE-ABA7-925981AC24F3} - System32\Tasks\ShouldIRemoveIt_Notifications => D:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2014-09-03] (Reason Software Company Inc.)
Task: {8E34CD63-AA22-4525-8DEC-5CB797FCAC93} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-stephenmcgarrell@msn.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {908DF050-EC73-490D-A3CC-FABDA32F6478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {9A2CAD55-E9F0-4E2B-996D-9E5B38367C48} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {B11FD346-80A8-494A-B4D9-5D7D5E80E52B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {B43A6A22-E00B-4A44-B733-CE686A2C6049} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {CF3CF60B-F2E7-4DFE-9DAE-D666E7D3E908} - System32\Tasks\{F2FF3EB3-E05D-4702-BE9E-403B588482E6} => pcalua.exe -a D:\leafDrums233.exe -d D:\
Task: {D4F4507B-BAE8-438E-A3DD-E735401AC9E0} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exeX-PTE -V1812 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:17 - 2015-10-30 07:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 03:56 - 2015-08-07 00:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-01 02:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-10 03:56 - 2014-01-28 03:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-12-10 03:53 - 2015-12-10 03:53 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 03:53 - 2015-12-10 03:53 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-28 10:09 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-12 22:50 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 10:50 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 10:50 - 2015-12-07 04:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 22:50 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 22:50 - 2016-01-05 01:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-12 22:50 - 2016-01-05 01:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 22:50 - 2016-01-05 01:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-11-11 22:46 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-06-07 12:00 - 2015-11-12 18:37 - 00087160 _____ () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
2015-01-27 21:23 - 2015-01-27 21:23 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-01-27 21:23 - 2015-01-27 21:23 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-12-21 15:12 - 2015-11-17 02:33 - 00103968 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-12-21 15:12 - 2015-11-17 02:33 - 00055328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-12-10 03:56 - 2016-01-26 20:50 - 00032768 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-10 03:56 - 2014-01-28 03:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-02-25 15:02 - 2015-11-12 18:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-11 22:46 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-11-11 22:46 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2014-11-11 22:46 - 2015-04-21 12:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-11-06 11:46 - 2015-11-06 11:46 - 02385280 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-09-07 15:59 - 2015-09-07 15:59 - 00237440 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-10-22 12:13 - 2015-10-22 12:13 - 00823168 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-06-07 12:00 - 2015-11-12 18:37 - 00621360 _____ () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvGpuInterface.dll
2008-08-28 15:53 - 2008-08-28 15:53 - 00073728 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Symlib.dll
2008-08-28 15:54 - 2008-08-28 15:54 - 00502272 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS4\AdobeXMPFiles.dll
2008-08-28 15:47 - 2008-08-28 15:47 - 02748416 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS4\LIBMYSQLD.dll
2008-08-28 15:54 - 2008-08-28 15:54 - 00424960 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS4\AdobeXMP.dll
2008-08-28 15:54 - 2008-08-28 15:54 - 00891904 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS4\FileInfo.dll
2015-02-01 02:03 - 2015-02-01 02:03 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2015-11-25 19:35 - 2015-11-25 19:35 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 13:22 - 2015-11-25 13:22 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-11-25 19:35 - 2015-11-25 19:35 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-11-25 13:15 - 2015-11-25 13:15 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2015-11-25 19:48 - 2015-11-25 19:48 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-11-25 19:48 - 2015-11-25 19:48 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2016-01-20 04:03 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "Autodesk Sync"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "AdVPN"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Browser Extensions"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Search Protection"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "WinCalendar V4"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3488279127-63086370-3813774398-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CBC7956-1BA8-43BB-A74E-EB6172252448}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
FirewallRules: [{E553DA61-5AD2-4E9F-B418-F72D4E4B83D4}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
FirewallRules: [{6F4B3880-2897-4AEA-A358-46E07766FA8E}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{B38FB37B-D48E-40AA-AA53-48B4041F7265}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{2EF60B3C-ACC3-404A-A9EC-E7989FC61FFE}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1CB05E20-B104-4166-B71C-AC6B936C1D08}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9374BA96-BE7D-4883-AFBF-8C441F8D79D5}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{91DD439C-6FA0-4000-8DA5-59D42FCCAC3F}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{24125DD9-AA1F-49BE-A6A0-FFBF6CC28DD2}] => (Allow) LPort=5353
FirewallRules: [{9AC77051-544D-4777-BE1E-98353290DB15}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E001E44F-22D6-47DF-A714-A062EB080BE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{068EF7EC-734F-4A69-9BBD-15CC692D546B}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{EF024DDE-6383-4686-B215-85076290742A}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{BA69AFF2-69F8-46E5-9BE5-F03AF5825338}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{557B27C5-7826-46B4-95FE-8BD57B9EE0EE}] => (Allow) D:\SteamLibrary\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{6394831C-02BF-4287-930B-FC4D275A7934}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{098645C1-557F-44BB-B643-751CCFCAFD17}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{C2FC2D3A-4262-4D1E-BA2E-DC1B429550B0}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8FB2C83A-E066-43BA-8787-362A7378B086}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4D9CD4CE-45CD-46B5-B923-44C8157241BB}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B9A97A59-FD91-4C84-80AD-ED932079DE84}C:\users\maggi_000\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\maggi_000\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2255D6C3-EE6E-437E-82AD-A6D7ABCD5EAB}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{890ADF07-6BCD-414F-89AA-63D1A3008C4C}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{E2230686-AB58-4AA0-B085-9DC67919B8DD}D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe
FirewallRules: [UDP Query User{E1E613BE-AE79-4F84-BC01-56C5CE0F67CF}D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\watch_dogs\bin\watch_dogs.exe
FirewallRules: [TCP Query User{93384D67-8F48-4BFB-A704-A16D6EC6F66C}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8D9A6708-CA59-4240-9954-1CC8F326C7D6}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{5315D542-B684-40BC-9455-D99A1B928CA6}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{5031D340-6BB7-4737-B461-6C2244AB1B17}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A076CE23-C7DB-42B6-9F7B-5A7173877963}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{DBE3E056-EADD-488D-BB1D-1779A7F628AE}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F21404F-EC71-4D57-AD52-299FDEA0EA71}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{7486BC65-D078-4038-AFBE-402256FBEE28}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{632DC639-2249-4DD6-B372-490DF9B3E189}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{43B37AC3-22C7-475D-9053-7605FA86C0E0}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{CC41A8E8-3954-403D-B394-4C5F427EEDAF}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{A84A0001-59E7-4CA7-AC90-096ED32B26EB}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{639B8B9F-5FAB-4E9B-9A1C-0A1CFA28042C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{209E4CB4-1A55-46F0-8424-408605D10BEF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F2321D11-B5D4-47DE-BAD4-216E489A1267}] => (Allow) D:\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{FC0A709D-5515-4E38-B0E8-969E75B285A4}] => (Allow) D:\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{A361AE83-6FDB-4802-98B9-7CE0AD3F71F2}] => (Allow) D:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{DE470DEB-2C15-4ABE-A21C-105595FC022E}] => (Allow) D:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{2A71F814-A5F1-430C-8D2B-AA8597A0366D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F764B9C8-2AD1-464C-8493-59B009595829}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{99FD8412-B44E-4C94-A701-01D404AFE09B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7210F895-BB87-4A53-BBB4-8C64AA5EA79B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8DC7D9E8-38AC-4A62-A46B-1E522DE7B3AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2CE4B41-79A2-4B83-A8A0-BBD76D892A90}] => (Allow) D:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{6387A010-1852-4255-8AC7-353FA14720C1}] => (Allow) D:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [TCP Query User{FCB16392-02A0-4C5E-893D-DE942B3B38F6}C:\users\stephen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\stephen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1BC21281-8C6D-467E-91EA-6399F4687AA3}C:\users\stephen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\stephen\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5C259770-F980-4729-AC51-D6F946DBA4F7}] => (Allow) LPort=50248
FirewallRules: [{B978696B-8CD5-4D29-B5C9-0F471F7397AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{209C0677-1645-49D1-A58C-329A60652A50}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

18-01-2016 08:41:10 Scheduled Checkpoint
20-01-2016 03:57:16 precleanup
21-01-2016 22:22:38 Restore Point Created by FRST
26-01-2016 20:49:47 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2016 08:49:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/26/2016 08:49:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {57144a36-17d1-44d6-8c54-5cf08d98eef2}

Error: (01/26/2016 03:56:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAGGIE)
Description: Activation of application Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/26/2016 08:02:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Error: (01/26/2016 08:02:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Maggie)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (01/26/2016 08:02:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Maggie)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (01/26/2016 08:02:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Maggie)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (01/26/2016 08:02:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\maggi_000\ntuser.dat

Error: (01/25/2016 03:16:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAGGIE)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/25/2016 02:31:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAGGIE)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/26/2016 08:53:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/26/2016 08:50:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_99293 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/26/2016 08:50:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_99293 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/26/2016 08:50:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_99293 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/26/2016 08:50:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_99293 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/26/2016 08:50:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/26/2016 04:06:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/26/2016 04:02:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/26/2016 04:00:16 PM) (Source: DCOM) (EventID: 10005) (User: MAGGIE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/26/2016 04:00:16 PM) (Source: DCOM) (EventID: 10005) (User: MAGGIE)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}


CodeIntegrity:
===================================
Date: 2016-01-26 09:10:01.504
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:05.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:05.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:05.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:04.883
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:04.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:04.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:04.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:04.522
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-26 08:49:04.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 14%
Total physical RAM: 16326.05 MB
Available physical RAM: 13938.66 MB
Total Virtual: 18758.05 MB
Available Virtual: 16249.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:104.33 GB) (Free:16.88 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:749.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 4BFB80C9)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Post by Blazinby » January 26th, 2016, 7:11 pm

C:\AdwCleaner\Quarantine\C\Users\maggi_000\AppData\Roaming\Mozilla\Firefox\Profiles\kv1218vg.default\Extensions\b@D.co.uk\content\bg.js.vir JS/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Users\maggi_000\AppData\Roaming\Mozilla\Firefox\Profiles\kv1218vg.default\Extensions\ERM@x.edu\content\bg.js.vir JS/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\77d5llbx.default-1419873810480\Extensions\b@D.co.uk\content\bg.js.vir JS/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\77d5llbx.default-1419873810480\Extensions\ERM@x.edu\content\bg.js.vir JS/Adware.MultiPlug.I application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\maggi_000\Downloads\winzip18.exe a variant of Win32/InstallCore.AEO.gen potentially unwanted application
C:\Users\stephen\Desktop\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application
C:\Windows\Installer\20cd10a2.msi a variant of Win32/Systweak.L potentially unwanted application
D:\Windows.old\Users\stephen\AppData\Local\Temp\ICReinstall_nsh2212.tmp a variant of Win32/InstallCore.ADV.gen potentially unwanted application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsa127A.tmp Win32/Adware.ConvertAd.ADO application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsd3368.tmp a variant of Win32/InstallCore.ADV.gen potentially unwanted application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nse6251.tmp Win32/TrojanClicker.Agent.NXU trojan
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsf2236.tmp a variant of Win32/Adware.ConvertAd.AER.gen application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsg134D.tmp Win32/AnyProtect.G potentially unwanted application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsgC947.tmp a variant of Win32/Adware.ConvertAd.ADZ.gen application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsgD12A.tmp a variant of Win32/Adware.ConvertAd.ADZ.gen application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsh2212.tmp a variant of Win32/InstallCore.ADV.gen potentially unwanted application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsj8C64.tmp a variant of Win32/Adware.ConvertAd.ADZ.gen application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsrA6B.tmp a variant of Win32/Adware.ConvertAd.ADZ.gen application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nswC901.tmp Win32/Adware.ConvertAd.ADO application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsx4BD6.tmp a variant of Win32/Adware.ConvertAd.ADW application
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsy891B.tmp a variant of Win32/Adware.EoRezo.BD application
D:\Windows.old\Users\stephen\AppData\Local\Temp\SppExtComObjHook.dll Win64/HackKMS.A potentially unsafe application
Blazinby
Regular Member
 
Posts: 18
Joined: January 11th, 2016, 7:46 pm

Re: finish off malware removal

Post by capnkrunch » January 28th, 2016, 5:13 pm

Hello Blazinby :)

ESET found a couple things that we need to address. Please complete these steps, then give me an update on how the computer is running.

Step one...

ESET flagged WinZip as a Potentially Unwanted Program (PUP). WinZip itself is not malicious but it comes bundled with third-party software that may be. Since you already have 7zip installed, which is clean and does the same thing, I would recommend you uninstall WinZip. 7zip is outdated so let's uninstall it and install the current version as well.

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    7-Zip 9.38 beta
    WinZip 18.5
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

The current version of 7zip can be downloaded HERE. You want the 64-bit x64 .exe file (it should be the second one listed). Double-click the downloaded file to run it and follow the prompts to install.

Step two...

FRST Fix
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    2016-01-21 22:32 - 2014-07-22 09:45 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
    FirewallRules: [{7CBC7956-1BA8-43BB-A74E-EB6172252448}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
    FirewallRules: [{E553DA61-5AD2-4E9F-B418-F72D4E4B83D4}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
    Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /v "McAfee Security Scan Plus.lnk" /f
    Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "vProt" /f
    Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "AdVPN" /f
    Reg: reg delete "HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "uTorrent" /f
    
    C:\Program Files\WinZip
    C:\Users\maggi_000\Downloads\winzip18.exe
    C:\Users\stephen\Desktop\Microsoft Toolkit.exe
    C:\Windows\Installer\20cd10a2.msi
    D:\Windows.old\Users\stephen\AppData\Local\Temp\*.*
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • Are there any changes in computer behavior?
capnkrunch
MRU Graduate
 
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago
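
A reviewer's pass over the Fixlog.txt requested above can be scripted. The following is an added example, not part of the original post and not FRST's own code: it skips the echoed fixlist between the rows of asterisks, reads each result line and each Reg: block, and lists the entries that were not cleanly fixed. The sample log, its paths and its GUIDs are constructed, and the ok / absent / failed grouping is an assumption of this example.

```python
import re
from typing import NamedTuple


class Result(NamedTuple):
    target: str   # file, registry key or command the fix acted on
    status: str   # "ok", "absent", "failed" or "unknown"
    detail: str   # the log's own wording, kept for the reviewer


# Result wordings copied from the Fixlog output shown in this thread.
# The ok / absent / failed grouping is this example's own, not FRST's.
STATUS_PATTERNS = [
    (re.compile(r"\b(moved|removed) successfully$"), "ok"),
    (re.compile(r"^The operation completed successfully\.$"), "ok"),
    (re.compile(r"^not found\.?$"), "absent"),
    (re.compile(r"^Error:"), "failed"),
]

REG_HEADER = re.compile(r"^=+ (reg .+?) =+$")
REG_FOOTER = re.compile(r"^=+ End of Reg: =+$")
STARS = re.compile(r"^\*{5,}$")


def classify(detail):
    for pattern, status in STATUS_PATTERNS:
        if pattern.search(detail):
            return status
    return "unknown"  # unrecognised wording: leave it for a human to read


def parse_fixlog(text):
    """Return one Result per fix outcome found in a Fixlog.txt body."""
    results = []
    in_fixlist_echo = False   # True between the two rows of asterisks
    reg_command = None        # set while inside a "Reg:" output block
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):
            in_fixlist_echo = not in_fixlist_echo
            continue
        # The echoed fixlist repeats "FirewallRules: [...] => (Allow) ..."
        # lines; they are instructions, not results, so they are skipped.
        if in_fixlist_echo or not line:
            continue
        if REG_FOOTER.match(line):
            reg_command = None
            continue
        header = REG_HEADER.match(line)
        if header:
            reg_command = header.group(1)
            continue
        if reg_command is not None:
            results.append(Result(reg_command, classify(line), line))
            continue
        target, arrow, detail = line.rpartition(" => ")
        if arrow:
            results.append(Result(target.strip('"'), classify(detail), detail))
    return results


def needs_review(results):
    """Entries a helper should look at: everything that is not a clean 'ok'."""
    return [r for r in results if r.status != "ok"]


# Constructed sample in the layout of the logs on this page (placeholder values).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Example\tool.exe
Reg: reg delete "HKLM\Software\Example" /v "ExampleValue" /f
C:\Example\tool.exe
C:\Example\gone.msi
*****************

Restore point was successfully created.
Example App 1.0 (HKLM\...\{00000000-0000-0000-0000-000000000002}) (Version: 1.0 - Example) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-0000-0000-0000-000000000001} => value removed successfully

========= reg delete "HKLM\Software\Example" /v "ExampleValue" /f =========

The operation completed successfully.

========= End of Reg: =========

C:\Example\tool.exe => moved successfully
"C:\Example\gone.msi" => not found.
C:\Example\odd.tmp => constructed wording this example does not recognise
"""

if __name__ == "__main__":
    for r in needs_review(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{r.status:8} {r.target}  ({r.detail})")
```

An "absent" entry usually means an earlier step, such as the uninstall, already removed the item; "failed" and "unknown" entries are the ones to follow up on.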

Re: finish off malware removal

Post by Blazinby » January 29th, 2016, 7:28 pm

Hi capnkrunch :P

as always your instructions are thorough and easy to follow

I have included my log at the end of this post

computer seems to be ok now (just loads of crap starting every time I reboot the PC but I will work through these after we have finished)

thank you for your continued help :cheers:

Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by stephen (2016-01-29 23:18:09) Run:4
Running from C:\Users\stephen\Downloads
Loaded Profiles: stephen (Available Profiles: stephen & maggi_000 & cmcga_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
2016-01-21 22:32 - 2014-07-22 09:45 - 00002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
FirewallRules: [{7CBC7956-1BA8-43BB-A74E-EB6172252448}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
FirewallRules: [{E553DA61-5AD2-4E9F-B418-F72D4E4B83D4}] => (Allow) C:\Users\stephen\Desktop\Microsoft Toolkit.exe
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /v "McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "vProt" /f
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "AdVPN" /f
Reg: reg delete "HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "uTorrent" /f

C:\Program Files\WinZip
C:\Users\maggi_000\Downloads\winzip18.exe
C:\Users\stephen\Desktop\Microsoft Toolkit.exe
C:\Windows\Installer\20cd10a2.msi
D:\Windows.old\Users\stephen\AppData\Local\Temp\*.*

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
"C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk" => not found.
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CBC7956-1BA8-43BB-A74E-EB6172252448} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E553DA61-5AD2-4E9F-B418-F72D4E4B83D4} => value removed successfully

========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /v "McAfee Security Scan Plus.lnk" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "vProt" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /v "AdVPN" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3488279127-63086370-3813774398-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "uTorrent" /f =========

The operation completed successfully.



========= End of Reg: =========

"C:\Program Files\WinZip" => not found.
C:\Users\maggi_000\Downloads\winzip18.exe => moved successfully
C:\Users\stephen\Desktop\Microsoft Toolkit.exe => moved successfully
"C:\Windows\Installer\20cd10a2.msi" => not found.

=========== "D:\Windows.old\Users\stephen\AppData\Local\Temp\*.*" ==========

D:\Windows.old\Users\stephen\AppData\Local\Temp\13AB.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187002781.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187287750.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187408984.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187449203.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187496734.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187582609.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\187723250.cvr => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\2D63.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\333E.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\3514.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\3D East.JPG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\3D North.JPG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\52E.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\6441.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\8AFB.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ACA & MEP 2016 Object Enabler.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ACAD Private.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ACADExtApps_AppManager_Install.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ACADExtApps_FeaturedApps_Install.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ACADExtApps_SketchUpImport_Install.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ACC.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\AcDeltree.exe => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\AcFusionInstall.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\acminidump.dmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\acminidump_big.dmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ad17E6.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ad316A.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ad351D.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\ad3538.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\LavasoftTcpServicer.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\location plan copy.jpg => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150813-2242.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0016.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0022.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0046.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0056.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0116.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0126.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-0156.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1839.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1846.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1909.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1916.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1930.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1939.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-1946.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-2000.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20150909-2030.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151103-1449.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151103-1601.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151103-1631.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151103-1701.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151209-0018.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151209-0048.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MAGGIE-20151209-0118.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MaterialLibrary2014CM.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MaterialLibrary2015CMILL.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MaterialLibrary2016CM.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MaterialLibrary2016CMILB.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MaterialLibrary2016CMILL.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MaterialLibrary2016CMILM.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Media.idt => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150828223155699 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150829211954885 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150830003138889 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150830004108098 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150904014359045 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150911214442472 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150925015421054 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20150929163304989 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20151206170150690 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MG_Util_9B712ADE-597B-4013-BB3F-347C9EC6AEBE.log.20151206171014479 => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Edge.lnk => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20151005_123017482-Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-MSP0.txt => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20151005_123017482-MSI_vc_red.msi.txt => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20151005_123017482.html => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20151005_123022100-Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-MSP0.txt => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20151005_123022100-MSI_vc_red.msi.txt => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20151005_123022100.html => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{012BF4EE-7FE8-EEC9-A421-4F12046B2BBB}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{1B2FC22D-55C9-E6C0-F949-73A09E480066}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{5E481941-CEDE-A776-DDAA-02890B26C153}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{5FD706BA-5FE2-1B2B-965F-FFB7E42D3476}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{748B6648-9832-F49E-F1BA-48D5F9068067}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{80FC1ED3-0B71-3F50-F939-26C631BBF23E}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{8D626F28-F684-F8D1-F260-F68FD923F0B6}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{94EF30AC-1D0F-B902-9128-27B0C308B31F}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{978FB944-00C2-BB67-3D00-A389DE63249D}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{9FE5FB1D-D9CC-518F-00CC-BDC245691A9E}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{A137E124-24B0-E4B8-1C9B-70319DF8FBF2}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{AABF353F-2D88-82CE-F443-0129B5DE9064}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{AC379F1D-0C11-36F3-4CE7-FE6CB8ED20E6}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{B2E2D052-B051-D751-3E74-F8D4290BD1BC}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{CD1FEFD7-C605-3300-FE23-BA8981FA6E7B}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{D159DE65-8E1E-6ED6-4DA3-65EA5ED41C20}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\Microsoft.Explorer.Notification.{F3021280-8B71-AE51-7BF9-DAA692344272}.png => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MIMB7C5.tmp => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\moz-update-new-backup-update.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\moz-update-new-last-update.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MpCmdRun.log => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1007e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI10a8a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI112f7.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1182a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI11b3f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1376.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI13f2b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1404.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1532c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI15f74.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI16b05.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI179f6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI180d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1b1b2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1c027.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1d3d6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1d79c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1d945.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI1ffa7.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI206da.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI20768.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI21a83.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI21dcd.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI21fa5.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI246d2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI24bef.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI24d79.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI24ed2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2792d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI28f0c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI292db.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2b410.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2c394.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2c919.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2d5f8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2dc8d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2e138.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI2fa50.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI30fa8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI32379.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3290f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI33de.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI33fff.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI35e5a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI36b6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI381a8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3863f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI39276.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3a575.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3bd3.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3c2bb.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3c875.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3da1e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3eae5.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3f592.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI3f6a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI409d6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4133.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI427c1.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI42fed.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI43ad8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI43cad.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI45c5a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI46e60.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI48157.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4a185.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4a1df.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4a385.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4c7dd.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4d62b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4ddd3.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4e83f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI4e880.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI50fa4.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI51d46.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI524de.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI56ba0.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI57ac6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI57c02.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI58acf.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI593fc.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5b73f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5c136.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5c174.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5c3d9.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5c8dd.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5d1fa.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5da9b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5ea5e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI5fb82.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI6053d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI60871.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI60ff8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI633ea.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI642ad.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI64bac.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI65b1f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI66eb4.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI6a382.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI6b552.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI6e37c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI6edcc.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI71187.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI72f15.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI7347a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI736ad.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI73ae9.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI75835.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI77640.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI78204.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI79aad.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI7a545.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI7b33.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI7dfe2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI7e245.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI7ec02.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8081.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI821b2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8223.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI823d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8271c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8693b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI87cda.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI883f9.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI88c90.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI88d11.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8950d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8a028.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8a230.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8aa2e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8aa76.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8c3d6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8ca3a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8d3bb.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8d3de.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8db9b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8e7b0.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8ea06.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8f0f5.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8f71b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8fcdb.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI8ff24.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI91d6d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI935a2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI93f5f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI94363.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI94389.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI944ac.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI94694.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9485c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9496f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI96498.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI97cad.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI989e2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI98c06.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI98f38.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI99165.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI99744.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI997bf.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI99a88.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9a68a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9cd67.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9def9.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9e165.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9e872.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSI9ee03.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIa14c1.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIa2d21.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIa3d1a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIa5df3.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIa7361.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIa9382.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIaa5e8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIadb78.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIae22.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIafa4e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb4189.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb48da.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb6519.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb73aa.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb821b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb8732.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb9af2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb9b25.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb9c56.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIb9f09.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbaa5f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbb18.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbc956.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbcd44.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbd0a9.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbd836.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbe31b.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbe3fe.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbee71.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIbf0a7.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc0b12.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc1812.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc1b4f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc1ea6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc36e8.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc5635.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc5c9.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc6817.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc939.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIc975f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIcb8e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIcbb84.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIcbcc5.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIccaa2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIcde0d.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIcf14c.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId02de.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId044e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId11ec.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId2736.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId32a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId37cb.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId59a6.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId6c3e.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId81d1.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId82df.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId8bdf.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSId9ee3.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIda0a2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIdc85f.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIdca49.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIdd30a.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIdda75.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIde5b0.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIdea73.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIe2133.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIe30f2.LOG => moved successfully
D:\Windows.old\Users\stephen\AppData\Local\Temp\MSIe47db.LOG => moved successfully
Could not move "D:\Windows.old\Users\stephen\AppData\Local\Temp\nsy891B.tmp" => Scheduled to move on reboot.

========= End -> "D:\Windows.old\Users\stephen\AppData\Local\Temp\*.*" ========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 136.2 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-29 23:19:27)

==> ATTENTION: System is not rebooted.
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsy891B.tmp => Is moved successfully

==== End of Fixlog 23:19:27 ====
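The Fixlog above defers one locked file to reboot and then reports it under "Result of scheduled files to move". As an added example (not part of the original posts and not FRST's own code), this Python sketch reconciles deferred moves against that result section and reports any that were never confirmed. The sample log is constructed from the line formats visible in the post; the `C:\Users\example\...` path and the function name `triage_fixlog` are assumptions.

```python
import re

# Constructed sample: line formats copied from the Fixlog in the post,
# plus one hypothetical deferred file that is never confirmed as moved.
SAMPLE_FIXLOG = r'''
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsx4BD6.tmp => moved successfully
Could not move "D:\Windows.old\Users\stephen\AppData\Local\Temp\nsy891B.tmp" => Scheduled to move on reboot.
D:\Windows.old\Users\stephen\AppData\Local\Temp\oobelib.log => moved successfully
Could not move "C:\Users\example\AppData\Local\Temp\held.dll" => Scheduled to move on reboot.

EmptyTemp: => 136.2 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-29 23:19:27)

==> ATTENTION: System is not rebooted.
D:\Windows.old\Users\stephen\AppData\Local\Temp\nsy891B.tmp => Is moved successfully

==== End of Fixlog 23:19:27 ====
'''

MOVED = re.compile(r'^(?P<path>.+?) => moved successfully$')
DEFERRED = re.compile(r'^Could not move "(?P<path>.+)" => Scheduled to move on reboot\.$')
REBOOT_MOVED = re.compile(r'^(?P<path>.+?) => Is moved successfully$')
REBOOT_HEADER = 'Result of scheduled files to move'


def triage_fixlog(text):
    """Classify Fixlog lines and list deferred moves with no confirmation."""
    moved, deferred, resolved = [], [], set()
    after_reboot_section = False
    not_rebooted = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_HEADER):
            after_reboot_section = True
            continue
        if 'System is not rebooted' in line:
            not_rebooted = True
            continue
        m = DEFERRED.match(line)
        if m:
            deferred.append(m.group('path'))
            continue
        if after_reboot_section:
            m = REBOOT_MOVED.match(line)
            if m:
                # Windows paths are case-insensitive, so compare lowercased.
                resolved.add(m.group('path').lower())
            continue
        m = MOVED.match(line)
        if m:
            moved.append(m.group('path'))
    unresolved = [p for p in deferred if p.lower() not in resolved]
    return {'moved': moved, 'deferred': deferred,
            'unresolved': unresolved, 'not_rebooted': not_rebooted}


if __name__ == '__main__':
    report = triage_fixlog(SAMPLE_FIXLOG)
    print('moved:', len(report['moved']), 'deferred:', len(report['deferred']))
    print('not rebooted warning:', report['not_rebooted'])
    for path in report['unresolved']:
        print('still pending, re-check after a reboot:', path)
```
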

Re: finish off malware removal

Post by capnkrunch » January 30th, 2016, 5:22 pm

Hello Blazinby :)

Good news. Your last set of logs looks All Clean! We have a bit of clean up to do and I have some tips to help reduce your chance of getting reinfected.

Blazinby wrote: computer seems to be ok now (just loads of crap starting every time I reboot the PC but I will work through these after we have finished)

Once you have completed the steps in the rest of this post you may be interested in this section of our What to do if your Computer is running slowly tutorial. If you choose to use WinPatrol as a solution (remember, do not use MSConfig) the following programs can be safely disabled: AdobeAAMUpdater-1.0 and Skype and the following programs should not be disabled: SunJavaUpdateSched and ADSKAppManager. The rest are classified as 'user's choice' so you will need to experiment to find which ones you are OK with not running on startup.

But before you do that, let's clean the tools we used and tighten the security on some commonly exploited programs.

Step one...

DelFix
  • Please download DelFix by Xplode and save it to your Desktop.
  • Right click on delfix_*version*.exe and select Run as administrator.
  • Check the following boxes and then click Run:
    • Activate UAC
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • If any logs or programs remain, you may delete them now.
Note: the one exception is Malwarebytes Anti-Malware which I strongly recommend you keep.

Step two...

Java - Recommended Security Settings
  • Click Start.
  • Type Configure Java into the search box and select it from the results.
  • Recommended settings:
    • Update - ensure Check for Updates Automatically is checked.
    • Security - Uncheck Enable Java content in browser (see Note below).
  • Click OK to apply the settings and close the window.
Note: most websites no longer require Java to work. However, if you find that you do require Java for some sites, I recommend disabling it in your main browser and using a secondary browser solely for visiting the sites that require Java. See HERE for how to disable Java in specific browsers.

Step three...

Adobe Flash Player - Recommended Security Settings
  • Please go to the Flash Player Settings Manager in your browser.
  • Recommended settings:
    • Global Privacy Settings (the first tab) - click Always Deny and then Confirm to prevent sites from accessing your camera or microphone.
    • Global Storage Settings (the second tab) - Uncheck Allow third-party Flash content to store data on your computer.
    • Global Security Settings (the third tab) - Check Always deny.
  • This will change the settings for Flash in all browsers so it is only necessary to do it once.

Step four...

Adobe Acrobat Reader DC - Recommended Security Settings
  • Click Start.
  • Type Acrobat Reader DC into the search box and select it from the results.
  • Click Edit and then Preferences.
  • Recommended settings:
    • Javascript - Uncheck Enable Acrobat JavaScript.
    • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
    • Trust Manager - Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click OK to save the settings.

In addition to these security settings, it is a good idea to prevent plugins from running automatically by enabling click-to-play in all your browsers. Please see How to Enable Click-to-Play Plugins in Every Web Browser for instructions on how to do this.

With all that completed, please take the time to read through this general security advice.

Security programs
  • Antivirus - Windows Defender is a good solution and there is really no need to use a third-party antivirus. However, if you would like to install a different one my recommendation for a free antivirus is Avast! Free Antivirus (see Note below). Whatever you choose, keep it enabled and updated and schedule a scan for every 1-3 days.
  • Antimalware - You already had Malwarebytes Anti-Malware installed which is great. It is the gold standard for anti-malware and the one tool we used that I would recommend keeping. Keep it updated and run a scan every week or so. The paid version also offers realtime protection.
  • Firewall - The Windows Firewall is enabled by default. Don't turn it off and you are good to go as far as firewall software is concerned.
Note: Avast now comes bundled with Google Chrome pre-checked for install; we recommend that you uncheck the option if you decide to install Avast.

Update, update, update
Keep your Antivirus and other software up to date. Consider using a program to assist you.
Secunia Personal Software Inspector - Copyright © Secunia.
FileHippo.com Update Checker - Copyright © FileHippo.com

Keep your operating system fully patched with Windows Update.
Windows Update: Frequently Asked Questions

Avoid P2P and cracked programs
As I mentioned before, these are surefire ways to become reinfected.

Additional reference on the risks from KrebsOnSecurity: Software Cracks: A Great Way to Infect Your PC

Watch out for bundled software
I noticed that since your last thread McAfee Security Scan got reinstalled. This program usually comes bundled as a pre-checked "offer" with free software. At best bundled software is useless (like this program) and at worst it can be full-on malware. The best defense is choosing Custom or Advanced installation as opposed to Express or Automatic when given the option and carefully reading all installer prompts.

As an extra layer of security you may want to try installing Unchecky. Unchecky runs in the background and can automatically uncheck many third-party offers. Be aware that Unchecky is a complement to, not a replacement for using caution when installing programs.

Additional reading
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

It might be a good idea to bookmark these guides for future reference as well.

Please reply to let me know that you have completed the cleanup steps and read the rest of this post. If there's anything else I can help you with please don't hesitate to ask any additional questions.

Stay safe! ;)
capnkrunch

Re: finish off malware removal

Post by Cypher » January 31st, 2016, 3:03 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.