Resolved How to completely uninstall SpyHunter 4.

I go suckered in by SpyHunter4 and after, I proceeded to uninstall it through the Control Panel. But then I noticed that Enigma Software Group in still hanging around in my program files. I also found out that this program is a pain to uninstall!! Should I be concerned that Enigma S G is still on my computer? Is there a way that I can get rid of it fairly simply? I have found some methods that appear to do the uninstalling, but they go into areas of the computer that I'm not too familiar with. Any Suggestion? Thanks.

 

uninstal program

Sometimes I have a problem uninstalling a program. I log in as Administrator and then I t will uninstall ok

 

How to Uninstall Spyhunter 4

More...

 

I tried your suggestion and used WikiHow to uninstall SpyHunter. I think I removed most of it. I followed the directions as best as I could, but I couldn't find C:\bootsqm.bat to delete and C:\Program Files\Enigma Software Group could not be deleted because parts of it were being used elsewhere in the computer, so the message said. Microsoft Fixit Tool does not work in Windows 10...it appears. What can I do next?

 

uninstall program

I was just trying to help the Brother out. sometimes logging in as administrator works for me. This was a more complicated issue. Sorry to have butted in. cbumpkin

MERRY CRISTMAS TO ALL THE FORUM. THANKS FOR ALL YOUR HELP

 

No problems. I appreciate it!!
Merry Christmas to you too!!

 

AdwCleaner v5.026 - Logfile created 22/12/2015 at 12:50:35
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : bigalx58 - BIGALX58-PC
# Running from : C:\Users\bigalx58\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [662 bytes] #########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by bigalx58 (Administrator) on 2015-12-22 at 12:54:17.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-12-22 at 12:56:19.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleted ->> File ->> C:\users\bigalx58\Documents\All Users\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\apr1,2005 backup\C\My Documents\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\My Documents\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\My Documents\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\apr1,2005 backup\C\My Documents\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\My Documents\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\My Documents\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\My Documents\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.url
Deleted ->> File ->> C:\users\bigalx58\Documents\Nov19,2005\C\My Documents\apr1,2005 backup\C\My Documents\apr1,2005 backup\C\My Documents\My Documents\apr1,2005 backup\C\WINDOWS\Favorites\Media\Fox News.u

~ ZHPCleaner v2015.12.22.404 by Nicolas Coolman (2015/12/22)
~ Run by bigalx58 (Administrator) (22/12/2015 13:38:05)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\bigalx58\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\bigalx58\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10586)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (1)
DELETED task: [SpyHunter4Startup] [C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (Not File) ] =>.Superfluous.SpyHunter


---\\ Explorer ( File, Folder) (1)
MOVED folder: C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>.Superfluous.SpyHunter


---\\ Registry ( Key, Value, Data) (1)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (Not File)] =>.Superfluous.SpyHunter


---\\ Summary of the elements found (1)
http://www.nicolascoolman.fr/?p=4664 =>.Superfluous.SpyHunter


---\\ Other deletions. (11)
~ Registry Keys Tracing deleted (11)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 235
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 3


~ End of clean in 00h00mn04s
===================
ZHPCleaner-[R]-22122015-13_38_09.txt
ZHPCleaner--22122015-13_36_56.txt

HitmanPro 3.7.12.253
www.hitmanpro.com

Computer name . . . . : BIGALX58-PC
Windows . . . . . . . : 10.0.0.10586.X64/4
User name . . . . . . : BIGALX58-PC\bigalx58
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2015-12-22 13:47:34
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 12s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 136

Objects scanned . . . : 1,510,439
Files scanned . . . . : 58,087
Remnants scanned . . : 365,426 files / 1,086,926 keys

Suspicious files ____________________________________________________________

C:\Users\bigalx58\Documents\driverback\DECVW_32.DLL
Size . . . . . . . : 88,464 bytes
Age . . . . . . . : 3687.0 days (2005-11-17 13:04:20)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 8C3C37B4AC846826CA8ABF48A7E44EC90CA886547925E614A1EE8292848650B8
Product . . . . . : Decvw_32.dll
Publisher . . . . : VDOnet Corp.
Description . . . : Decvw_32
Version . . . . . : 2.0.0.1
Copyright . . . . : Copyright © 1995 - 1996
RSA Key Size . . . : 512
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 41.0
Program is code signed with a weak certificate. This is common to malware.
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

C:\Users\bigalx58\Documents\Nov19,2005\C\My Documents\driverback\DECVW_32.DLL
Size . . . . . . . : 88,464 bytes
Age . . . . . . . : 3685.1 days (2005-11-19 12:28:36)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 8C3C37B4AC846826CA8ABF48A7E44EC90CA886547925E614A1EE8292848650B8
Product . . . . . : Decvw_32.dll
Publisher . . . . : VDOnet Corp.
Description . . . : Decvw_32
Version . . . . . : 2.0.0.1
Copyright . . . . : Copyright © 1995 - 1996
RSA Key Size . . . : 512
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 41.0
Program is code signed with a weak certificate. This is common to malware.
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.


Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\WOW6432Node\Auslogics\Google Analytics Package\ (TweakBit) -> Deleted

Cookies _____________________________________________________________________

C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\02XB4UI0.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\094HQFSO.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\0DTH8BO0.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\0FQPGZ7V.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\0SNWDATB.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\1I9IYZX8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\1SGATX2A.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\2AQ9B6HD.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\2I0KG1W1.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\2N02SJTE.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\2S4JEOJP.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\3ESLRJ3M.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\3K3LX1D8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\3U82ZY4M.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\4ICF7Y0I.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\58E5F1I3.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\5GWL36X7.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\6E3VGYW8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\6VSJ2MSV.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\6XYX4JOZ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\73XGI59Z.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\75RUG1A1.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\77ZDATWL.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\96VE8Q5N.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\980ZHY70.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\9BH1BSM4.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\ADVMIX4T.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\AQEYQZN3.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\BCE6P2NL.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\BHFU7ZVZ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\BHSUMKTA.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\C93MOYZQ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\CY2V7GZW.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\DOMTWA80.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\EYLTEAP1.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\F1DCXGAD.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\FDUK5XAZ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\FEU8WXJO.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\GLXB0HWU.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\GSFC1UZ4.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\HM5ONALA.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\HU9WXE8I.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\I9MD8QT4.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\IDSLLIES.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\IWRFCIW1.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\IXG0NKYS.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\J65VV00R.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\JOE8P3L1.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\KF1VT0CS.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\KWTX8I0I.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\L36VL31A.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\L8AIYKBW.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\LPVJCLT8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\LVN7VINL.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\LYWBWZAP.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\MB00OFV6.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\ME6PHUH8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\MZ8DYDN6.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\N9FXBFCQ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\NCCB5XJ0.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\O5YTFWNN.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\O84UQ96D.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\OU411N7I.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\PKN08ZSX.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\RPQGJ7SG.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\S0Q250NL.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\S4C5JN3J.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\SRC3J7SK.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\TRZG41T8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\TSRZ247R.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\TUKERTEB.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\UCH4AHWQ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\UGNP775S.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\V6OYHF9C.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\WIJWEC1X.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\WMXBYZGQ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\XKBIYDT8.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\XNO07L32.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\Y2CQJQHV.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\Y9JOVOF0.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\Z6MKG9TA.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\ZCTNFSHE.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\ZIO1Q6IQ.txt
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCookies\Low\ZQAC5HKC.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\339GPQBV.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3D2GJHXS.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3D4HMOJ7.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3OM6NW35.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4HGEC6VM.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5VPAJ9M9.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\68ILDGQ4.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6VYIY939.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\7VJTJ3A4.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8TKKE3H8.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\94DLA20T.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9J2CPBVV.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A0T8FYG0.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BSOO2I2R.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CFIBT7M1.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CLQY5OGR.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CW02X2BK.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D93JHAML.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DV49TNJG.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ELFE4QYY.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FD8CRAW0.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FKGWDS1W.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FLIYSGI2.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FZTHHZIV.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G0S6A0PA.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\G2AWXEX9.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\I356HCIW.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IMD2IRND.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JAMKYIUE.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KF406BAF.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KLGFV1FY.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\L13W2FLU.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NI3I2MYM.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NW87WVX9.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O96CZ08J.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PVQGPFJ7.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q01XC5QX.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QNAEBFNT.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QZS0TJD6.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S333ELHL.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SV2EN0K2.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SYX84J80.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T8TSOQE2.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TOAEV6IE.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\V74YBFND.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\W04G0K6T.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YQ3Q8N42.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YW44FPC8.txt
C:\Users\bigalx58\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Z2W8T94L.txt

 

I'm afraid that when I got to the #21 Zoek.exe, I cannot turn off Windows Firewall. I follow the instructions, but it still stays on. I was able to turn off Windows Defender. Should run Zoek or go to the next step and run MBA?

 

Zoek.exe v5.0.0.1 Updated 21-December-2015
Tool run by bigalx58 on 2015-12-22 at 15:03:59.03.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\bigalx58\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2015-12-22 3:06:49 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\OpenOffice 4 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Administrator\AppData\Local\ActiveSync deleted successfully
C:\Users\bigalx58\AppData\Local\ActiveSync deleted successfully
C:\Users\bigalx58\AppData\Local\CrashDumps deleted successfully
C:\Users\bigalx58\AppData\Local\NetworkTiles deleted successfully
C:\Users\bigalx58\AppData\Local\PackageStaging deleted successfully
C:\Users\bigalx58\AppData\Local\Secunia PSI deleted successfully
C:\Users\bigalx58\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8252A92D-4848-4FB9-A982-CA3535B481DC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

Adobe Digital Editions 3.0
Adobe Shockwave Player 12.2
Auslogics BoostSpeed 8
Auslogics Registry Cleaner
Canon MP Navigator EX 2.1
CCleaner
D3DX10
FileHippo App Manager
Google Earth
Google Update Helper
Java 8 Update 66
Java Auto Updater
Kobo
LastPass (uninstall only)
LibreOffice 4.4.6.3
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft Application Error Reporting
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MyDriveConnect 4.0.7.2442
NetViewer 2.1.373.0
NVIDIA Control Panel 353.62
NVIDIA Install Application
Photo Common
Photo Gallery
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek High Definition Audio Driver
RealTimes (RealPlayer)
RealUpgrade 1.1
Revo Uninstaller 1.95
Samsung Kies3
Secunia PSI (3.0.0.11003)
Skype Click to Call
SkypeT 7.16
Smart Switch
Sophos Virus Removal Tool
SpywareBlaster 5.2
StudioTax 2012
StudioTax 2014
StudioTax Enterprise 2013
SUPERAntiSpyware
swMSM
UpdateService
Video Downloader
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio C++ 10.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer

==== Running Processes ======================

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Users\bigalx58\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Lavasoft not found
C:\PROGRA~2\OpenOffice 4 not found
C:\Users\bigalx58\AppData\Local\Lavasoft deleted
C:\PROGRA~2\Yahoo! deleted
C:\FINDCD.EXE deleted
C:\install.exe deleted
C:\spopr.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6127 MB
CPU Info: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
CPU Speed: 2850.0 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek HDMI Output (Realtek Hi |
Display Adapters: NVIDIA GeForce GT 420 | NVIDIA GeForce GT 420
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Intel(R) 82579V Gigabit Network Connection | 802.11n Wireless LAN Card
CD / DVD Drives: 1x (D: | ) D: ATAPI DVD A DH16ABSH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 915.4GB
Hard Disks - Free: C: 852.1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/18/11 | ACRSYS - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Gateway DX4850
Country: Canada
Language: ENC

==== System Specs (Software) ======================

Internet Explorer Version: 11.20.10586.0
Sun Java version: 1.8.0_66 (32-bit)
Sun Java version: 1.8.0_66 (64-bit)
Shockwave Player version: 12.2.2r172

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\bigalx58\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-12-22 18:00:34 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\WINDOWS\SysWOW64\subinacl.exe
2015-12-18 15:29:59 083A4C6C21371B011771A350942DEB8F 19339264 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 15:29:46 9D97A95801784A94F3DC76E0E49B885C 13017600 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 14:06:26 32BF0F999279961833888317C3FE45D9 2061824 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 14:06:25 5E8F545EA2A3BE324D800FD926E5010A 2180136 ----a-w- C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 14:06:23 674333934AEF201C56419742CD86782B 973664 ----a-w- C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 14:06:22 D80737E0C4AFE5D4714D14F27A9E6CFB 1706496 ----a-w- C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 14:06:22 2029AAF923CE131E5157F6175DE66881 2919320 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 14:06:21 7E0CB4ADF324AD6552C36181EB0CBC4D 1118208 ----a-w- C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 14:06:20 D8E958F0E5929BFEC15238E0E1F94C64 983464 ----a-w- C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 14:06:19 600A12A37D8F0B98E3497C59505338D1 716928 ----a-w- C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 14:06:15 D262A3DA660F5312D059DADB9034392B 2796032 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 14:06:15 337E7D5B768ABDBEA9F17823F76D5F1B 381952 ----a-w- C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 14:06:14 F8C66D9D6AEC233715C8B32DB203EF6D 502112 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 14:06:14 6D151B11358362786C45F1A4A21576FA 925064 ----a-w- C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 14:06:13 8310F69B59EFA4EC47B6B3F535BFC3CB 898184 ----a-w- C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 14:06:13 110A45F765495043CB8ED918FEFD8D90 572928 ----a-w- C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 14:06:12 FD6EE242ACD2E05AFE920139D12C3053 670928 ----a-w- C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 14:06:12 B934E18B1A20A26768F57EDBD6882A38 884256 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 14:06:12 76B00BE575C4D8CF3D7334240C8DAF90 683008 ----a-w- C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 14:06:11 3A24E199AA5A30D6E7C30D01E2BF4C7E 161280 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 14:06:10 C85501FE7EFD33E06A877B8786F396B6 462760 ----a-w- C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 14:06:10 A9B375A65A92C45D9723B1BAD8F87D1E 1105920 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 14:06:10 775C32A6DE7E9702CB04B10C69D80457 450904 ----a-w- C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 14:06:09 0FA8D61A4D4F56063113F9DA4E18848B 289248 ----a-w- C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 14:06:08 D9EF9F5DA78CD085FD23C8EBB6108662 409088 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 14:06:07 4237413A7EDD61589081B9450D657036 116720 ----a-w- C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 14:06:07 1F48933EFAB68EDD3B456C78E17B89CE 871936 ----a-w- C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 14:06:07 184F89725539803B64E718BD0F779DC9 569856 ----a-w- C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 14:06:06 F2061A1835E8844637168800292309BF 84832 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 14:06:06 4CE9BF384DAAE2BF9E49C5B7E2F106F0 270848 ----a-w- C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 14:06:05 2DE2DAF437341AECB280DBFE88CBB581 346112 ----a-w- C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 14:06:02 FDEEA5397A0D079E1EF8F1B765BC7D04 6297088 ----a-w- C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 14:06:01 F60E1993D8D8FD2E23516C1278B209C1 34304 ----a-w- C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-08 20:55:22 819363A483BB829C443D94CC77119DC9 18678272 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 20:55:19 EDC75B4FF6A66B0AC1A360476D9CBCC9 12125184 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 20:55:13 192B579E14C116D2B742FEBE85A4D3C1 2756096 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-08 20:55:12 EB6BAC2C67F848F2C0EFE82AEAC5C67A 1540768 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 20:55:12 C4C80541BDE649F44EA1F81F7D4C510A 503296 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 20:55:11 B8C4EFAA6AAED98E6B5AB57CAFA489B9 1337240 ----a-w- C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 20:55:11 5B64BFE61393D22D908BB5E2A17B6147 1328128 ----a-w- C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 20:55:10 532AC1D121972B17BE523A9988A3A0E5 2155008 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 20:55:10 302A0BE9FA2874A3E99C0E25C992E7C7 1467392 ----a-w- C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 20:55:09 4C421E34FF4A836590401A3E9A5B5DE8 415744 ----a-w- C:\WINDOWS\SysWOW64\catsrvut.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-12-18 15:29:50 E761095ADFC48739CA54A3B58242AF0D 24601600 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2015-12-18 14:06:31 35A6E2624696F77A8660529E9C5B7B9A 16984064 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2015-12-18 14:06:26 FAD9326ED152667E57B5B2EDBD9973F8 2544256 ----a-w- C:\WINDOWS\Sysnative\mfcore.dll
2015-12-18 14:06:26 184F5C80753CD7F6400AAA4087288B97 2582016 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll
2015-12-18 14:06:24 A44FB85192EE0DD3F7D6518B63044F4E 2598400 ----a-w- C:\WINDOWS\Sysnative\NetworkMobileSettings.dll
2015-12-18 14:06:24 45B88D0BBAB3EAA10883097C14C33678 1281376 ----a-w- C:\WINDOWS\Sysnative\LicenseManager.dll
2015-12-18 14:06:22 9DA2D5EB73F6F61BB32B63B59DF2BB0C 1299504 ----a-w- C:\WINDOWS\Sysnative\mfnetsrc.dll
2015-12-18 14:06:22 63976F057A5A9FD426DC84FB97CF3446 3671888 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll
2015-12-18 14:06:22 43091BCAB6446E01AEB9DFFB2538B2F9 1995776 ----a-w- C:\WINDOWS\Sysnative\ActiveSyncProvider.dll
2015-12-18 14:06:20 95F53D812EF80A2819E9C1539A629B5F 823264 ----a-w- C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll
2015-12-18 14:06:20 8F6118120D9A11A1CFD8822850826064 1155944 ----a-w- C:\WINDOWS\Sysnative\mfasfsrcsnk.dll
2015-12-18 14:06:18 549A1696E594E6939C210972B4AD9747 824320 ----a-w- C:\WINDOWS\Sysnative\WpcWebFilter.dll
2015-12-18 14:06:17 C4DF460B84DB6A0D4C18375DE1117DD0 696160 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll
2015-12-18 14:06:17 93D891995D253D4B6BCFABEE5C73454B 3428864 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.dll
2015-12-18 14:06:17 686E73A0F24F56A25A78D8EFE8E4B937 1318912 ----a-w- C:\WINDOWS\Sysnative\wifinetworkmanager.dll
2015-12-18 14:06:17 32D57C79EA65D0D6A923BF1C26A0EC0A 558080 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll
2015-12-18 14:06:16 C8AEE94042CFDF6383C153AFD284AEF1 497152 ----a-w- C:\WINDOWS\Sysnative\mfmkvsrcsnk.dll
2015-12-18 14:06:15 9D9A25E3E658EAC6FA9BC1BC23168516 1092456 ----a-w- C:\WINDOWS\Sysnative\mfplat.dll
2015-12-18 14:06:15 4588022BF3C34392C0C2AFDC3634C0CF 1065080 ----a-w- C:\WINDOWS\Sysnative\mfmp4srcsnk.dll
2015-12-18 14:06:15 0F09B99EF80BB0D914538FC17A305A4F 1131520 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Audio.dll
2015-12-18 14:06:14 CCB125BB7072FEAFC68A56749FD2DFD7 1020096 ----a-w- C:\WINDOWS\Sysnative\mfsrcsnk.dll
2015-12-18 14:06:14 C08AA0383BCEE881C319F23A5189AB8D 794888 ----a-w- C:\WINDOWS\Sysnative\mfds.dll
2015-12-18 14:06:14 57C2033773055CEE5963EBCB999337F8 210432 ----a-w- C:\WINDOWS\Sysnative\wcmcsp.dll
2015-12-18 14:06:14 01AE64981A7C7AE4F84799931D8DAAD1 900608 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.BackgroundTransfer.dll
2015-12-18 14:06:13 BFFC187B1FFA022F59D652A6A4CA130F 199168 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe
2015-12-18 14:06:12 7DD3B4B77A787E06A6B3DC9AE7B451E0 292352 ----a-w- C:\WINDOWS\Sysnative\provengine.dll
2015-12-18 14:06:12 7014B74B0F62698EC891A19A781689D5 337840 ----a-w- C:\WINDOWS\Sysnative\MFPlay.dll
2015-12-18 14:06:12 39E07EE74F50C39C1EB315152F03199C 607232 ----a-w- C:\WINDOWS\Sysnative\wcmsvc.dll
2015-12-18 14:06:12 18CE63A5B5EB84FF7F9F575C8FE53F44 931328 ----a-w- C:\WINDOWS\Sysnative\MSMPEG2ENC.DLL
2015-12-18 14:06:11 F3B1BFB19C6A47DE7706A9CF1A177028 526856 ----a-w- C:\WINDOWS\Sysnative\mfreadwrite.dll
2015-12-18 14:06:11 69E727F94BEA64E66C284F3C482F33E6 1035776 ----a-w- C:\WINDOWS\Sysnative\XboxNetApiSvc.dll
2015-12-18 14:06:11 2AE2C153D33AB0D2B89E0920EC2ACF69 498448 ----a-w- C:\WINDOWS\Sysnative\MFCaptureEngine.dll
2015-12-18 14:06:10 A2A0FD3DA492A903E6AEC6C2B946F26F 245848 ----a-w- C:\WINDOWS\Sysnative\mfps.dll
2015-12-18 14:06:10 63A71E0B8BEF5FC3A5C9669B5C771A1C 286208 ----a-w- C:\WINDOWS\Sysnative\provhandlers.dll
2015-12-18 14:06:09 6D0F04544716C90220B58008B4422B97 459776 ----a-w- C:\WINDOWS\Sysnative\MapConfiguration.dll
2015-12-18 14:06:09 6100515B0A4A9DE9EB83E632F873D1F7 323072 ----a-w- C:\WINDOWS\Sysnative\MSFlacDecoder.dll
2015-12-18 14:06:09 3B36AFC1B127B13A82752A3F02CE9D8C 543232 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll
2015-12-18 14:06:09 0A9C90159378EAF0F45AF2275156EF0D 264544 ----a-w- C:\WINDOWS\Sysnative\ContentDeliveryManager.Utilities.dll
2015-12-18 14:06:07 95B9A9F4D41A54FD421CF6F7323B87FF 126464 ----a-w- C:\WINDOWS\Sysnative\dialserver.dll
2015-12-18 14:06:07 8F53FEB251B01D2582931B8AC642C28A 387072 ----a-w- C:\WINDOWS\Sysnative\qdvd.dll
2015-12-18 14:06:07 38F068BA3D5CE3C53A025E1F9381CC54 115040 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll
2015-12-18 14:06:06 D6B9D1A83BDDF6912309A9C7C4024E10 133120 ----a-w- C:\WINDOWS\Sysnative\flvprophandler.dll
2015-12-18 14:06:06 D1BB4122E41E04E2D8D57702396AE031 412512 ----a-w- C:\WINDOWS\Sysnative\wifitask.exe
2015-12-18 14:06:06 7A9FF15EF71DAC09420C4997D3FA7E48 850432 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll
2015-12-18 14:06:06 54051585F9E1A644C3ED024B639C0E32 231936 ----a-w- C:\WINDOWS\Sysnative\KnobsCore.dll
2015-12-18 14:06:06 14CE7BCE9C6A442BD4B93AB3CB8765BF 375296 ----a-w- C:\WINDOWS\Sysnative\MDEServer.exe
2015-12-18 14:06:05 67C1D042FA62E2294973FD0CD1F1BC36 192000 ----a-w- C:\WINDOWS\Sysnative\provisioningcsp.dll
2015-12-18 14:06:05 1C671129864880F66678D3B80316074E 56320 ----a-w- C:\WINDOWS\Sysnative\provtool.exe
2015-12-18 14:06:05 156963089DF9C18AF330E08BFE41884D 165376 ----a-w- C:\WINDOWS\Sysnative\provdatastore.dll
2015-12-18 14:06:05 01C759FD50DFD46E30CC56B2B672B1A7 203776 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll
2015-12-18 14:06:04 E853D5823793FE6E5FB0351F256DC1F2 223232 ----a-w- C:\WINDOWS\Sysnative\fveapibase.dll
2015-12-18 14:06:04 B1305CDD98D5FC49863279D4B51DB510 618496 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll
2015-12-18 14:06:04 88B38A7435DFA9B7E8F94F5D5FE999D2 66560 ----a-w- C:\WINDOWS\Sysnative\moshost.dll
2015-12-18 14:06:04 78065D08A6D5886ACF9B6BA7E34A554C 3593216 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2015-12-18 14:06:04 55A629331D5EB924A1926C18E5028243 764928 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll
2015-12-18 14:06:04 0053C878CDBA8F8D55339547EC2E99E8 269824 ----a-w- C:\WINDOWS\Sysnative\moshostcore.dll
2015-12-18 14:06:03 A0C330AAF06A36A13171A28FE4B582A2 92160 ----a-w- C:\WINDOWS\Sysnative\policymanagerprecheck.dll
2015-12-18 14:06:03 25DA92A03FFF1A620A950ED6209CDC8F 77312 ----a-w- C:\WINDOWS\Sysnative\ProvPluginEng.dll
2015-12-18 14:06:02 735C408ADE2017B8D2F6A8D2C2DB7016 7979008 ----a-w- C:\WINDOWS\Sysnative\mos.dll
2015-12-18 14:06:01 9E55D606C3CE9A37FB2FE5A419AE9CE6 30208 ----a-w- C:\WINDOWS\Sysnative\StorageUsage.dll
2015-12-18 14:06:01 9AEEB769F72EF13134BC21BA1465CCE3 134656 ----a-w- C:\WINDOWS\Sysnative\wificonnapi.dll
2015-12-18 14:06:01 8C86CB7C7725B196773451DE66602199 75776 ----a-w- C:\WINDOWS\Sysnative\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 14:06:01 1CC123FE215B7FFBA4B7889FD13B32D5 36864 ----a-w- C:\WINDOWS\Sysnative\BackgroundTransferHost.exe
2015-12-08 20:55:18 EE5BD4F67199E1C5142F3C731035D18C 13381120 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2015-12-08 20:55:18 5B7B6AF7E94E972DCE4BF892ABD466B6 115200 ----a-w- C:\WINDOWS\Sysnative\win32k.sys
2015-12-08 20:55:17 C6F9333F6C5F326B075CBC062E33793D 7680 ----a-w- C:\WINDOWS\Sysnative\readingviewresources.dll
2015-12-08 20:55:17 78CF1420E5E88B1664F92F07386D19A8 22393856 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2015-12-08 20:55:16 42B6285314851A693F68F7A7B79FD1B9 1393664 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2015-12-08 20:55:13 7950D23F5542F6F8A9D41F046C01067F 2756096 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
2015-12-08 20:55:12 E81DF157F4F225928EAE2B1E82863BF6 1817160 ----a-w- C:\WINDOWS\Sysnative\ntdll.dll
2015-12-08 20:55:12 A2469A19FC330A400E2BED8003331BB8 604672 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll
2015-12-08 20:55:11 DD97EF0AE9224B8C1161736E033C03F1 1399224 ----a-w- C:\WINDOWS\Sysnative\user32.dll
2015-12-08 20:55:11 CD2CC65DDF46F065BCC975C2BC89DD11 1648640 ----a-w- C:\WINDOWS\Sysnative\comsvcs.dll
2015-12-08 20:55:11 69B4974176206D7276B733B30BCE442E 1717248 ----a-w- C:\WINDOWS\Sysnative\GdiPlus.dll
2015-12-08 20:55:11 486C22DD70BE538B1C164AE38E130009 2352128 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2015-12-08 20:55:10 FDB262D0B2C0790385B894AA4B2C0A6C 182784 ----a-w- C:\WINDOWS\Sysnative\shutdownux.dll
2015-12-08 20:55:10 2B91178DE30EF92DD383486485B0C97D 523776 ----a-w- C:\WINDOWS\Sysnative\catsrvut.dll
2015-12-08 20:55:09 EFA47480BEB0968E3A18479593B2E60C 18944 ----a-w- C:\WINDOWS\Sysnative\wshrm.dll
====== C:\WINDOWS\Sysnative\drivers =====
2015-12-22 18:47:42 C7AF2A9877C8C0019D303A78C62BE64E 41080 ----a-w- C:\WINDOWS\Sysnative\drivers\hitmanpro37.sys
2015-12-08 20:55:12 EFEFC245B884B1BE0401931398DCD707 2152800 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2015-12-08 20:55:10 DBBACE77DDE8CCFD85B37B114965C385 147968 ----a-w- C:\WINDOWS\Sysnative\drivers\rmcast.sys
2015-12-02 22:15:41 80977779A19947939D680A4899E829EC 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2015-12-02 22:15:38 DE6D7DC78D956928F59F7415A0F41E13 95072 ----a-w- C:\WINDOWS\Sysnative\drivers\sdstor.sys
2015-12-02 22:15:36 7D8B9214692C4D0F1646215D9984E19A 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2015-12-02 22:15:35 C24C27FDF93B85A4EFCF25F830253AA2 117248 ----a-w- C:\WINDOWS\Sysnative\drivers\capimg.sys
2015-12-01 13:10:42 DD3FD48D69F5FBBB21D46D1514C1C2DB 18456 ----a-w- C:\WINDOWS\Sysnative\drivers\psi_mf_amd64.sys
====== C:\WINDOWS\Tasks ======

 

====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-12-15 15:45:54 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2015-12-15 02:22:28 -------- d-----w- C:\Program Files\BHOK IT Consulting
======= C:\PROGRA~2 =====
2015-12-22 18:00:34 -------- d-----w- C:\PROGRA~2\Adware Removal Tool by TSA
2015-12-17 16:00:51 -------- d-----w- C:\PROGRA~2\Adobe
2015-12-15 01:57:01 -------- d-----w- C:\PROGRA~2\BHOK IT Consulting
2015-12-06 20:58:40 -------- d-----w- C:\PROGRA~2\FileHippo.com
2015-12-06 16:12:53 -------- d---a-w- C:\PROGRA~2\COMMON~1\Skype
2015-12-04 23:50:17 -------- d---a-w- C:\PROGRA~2\Kobo
2015-11-25 23:36:12 -------- d-----w- C:\PROGRA~2\VS Revo Group
2015-11-23 15:52:57 -------- d-----w- C:\PROGRA~2\COMMON~1\InstallShield
======= C: =====
====== C:\Users\bigalx58\AppData\Roaming ======
2015-12-21 23:00:42 -------- d-----w- C:\Users\Administrator\AppData\Local\Publishers
2015-12-21 22:59:48 -------- d-----w- C:\Users\Administrator\AppData\Local\Packages
2015-12-21 22:59:47 -------- d-----w- C:\Users\Administrator\AppData\Local\TileDataLayer
2015-12-15 01:58:01 -------- d-----w- C:\Users\bigalx58\AppData\Local\IsolatedStorage
2015-12-04 23:51:11 -------- d-----w- C:\Users\bigalx58\AppData\Local\Kobo
2015-11-25 23:36:12 -------- d-----w- C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-11-25 23:02:52 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\AvgSetupLog
2015-11-25 23:02:52 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Avg
2015-11-25 23:02:49 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Avg
====== C:\Users\bigalx58 ======
2015-12-22 18:46:31 -------- d-----w- C:\ProgramData\HitmanPro
2015-12-22 18:46:08 ECF0FC7983D69593BC6FEAD81612BE42 11323704 ----a-w- C:\Users\bigalx58\Desktop\HitmanPro_x64.exe
2015-12-22 18:30:44 AD2ADC1A55B8E1268A6DB0360F7CDA46 1961984 ----a-w- C:\Users\bigalx58\Desktop\ZHPCleaner.exe
2015-12-22 18:27:44 AD2ADC1A55B8E1268A6DB0360F7CDA46 1961984 ----a-w- C:\Users\bigalx58\Downloads\ZHPCleaner.exe
2015-12-21 23:02:49 -------- d-----r- C:\Users\Administrator\OneDrive
2015-12-21 22:59:51 -------- d-----r- C:\Users\Administrator\Searches
2015-12-21 22:59:41 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\Administrator\ntuser.ini
2015-12-21 14:42:09 2CE5036C2ED480773C05E10B5BDF40E4 6805328 ----a-w- C:\Users\bigalx58\Downloads\ccsetup513 (1).exe
2015-12-21 14:39:53 2CE5036C2ED480773C05E10B5BDF40E4 6805328 ----a-w- C:\Users\bigalx58\Downloads\ccsetup513.exe
2015-12-15 02:22:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
2015-12-15 02:03:58 -------- d-----w- C:\ProgramData\BHOK IT Consulting
2015-12-15 02:03:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax Enterprise 2013
2015-12-15 01:57:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2014
2015-12-14 00:32:17 E6E9C13F8D0A8FF7B542F99525047202 929872 ----a-w- C:\Users\bigalx58\Downloads\GoogleEarthSetup - Copy.exe
2015-12-10 18:30:33 -------- d-----w- C:\ProgramData\RegInOut
2015-12-06 21:02:57 -------- d-----w- C:\ProgramData\IsolatedStorage
2015-12-06 16:12:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-04 23:51:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
2015-12-03 14:45:06 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp

====== C: exe-files ==
2015-12-22 20:00:44 C7A1ED4A5AD4F858131EB273E93F599B 43464 ----a-w- C:\Users\bigalx58\AppData\Local\Temp\_Del_BoostSpeed\GASender.exe
2015-12-22 19:59:20 3F73C7295C273591BD6FFDA52A0D47F2 132 ----a-w- C:\$Recycle.Bin\S-1-5-21-2005715574-247312471-105162307-1001\$IC3URSP.exe
2015-12-22 19:38:59 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\$Recycle.Bin\S-1-5-21-2005715574-247312471-105162307-1001\$RC3URSP.exe
2015-12-22 18:56:48 684505AAA9D1F846E80DEEAE9CEE7FA2 2190552 ----a-r- C:\Users\bigalx58\AppData\Local\Microsoft\Windows\FileHistory\Data\687\C\Users\bigalx58\Desktop\ACCESSORIES\appmanagersetup_2.0_b4_292.exe
2015-12-22 18:56:45 DC8C7854D7BC13534405CB00E0F19E19 22492741 ----a-r- C:\Users\bigalx58\AppData\Local\Microsoft\Windows\FileHistory\Data\687\C\Users\bigalx58\Documents\My Filehippo Downloads\jre-8u66-windows-x64.exe
2015-12-22 18:56:44 38BE4E69AED17CFF7C001E56C4AC95A0 1801288 ----a-r- C:\Users\bigalx58\AppData\Local\Microsoft\Windows\FileHistory\Data\687\C\Users\bigalx58\Downloads\JRT.exe
2015-12-22 18:46:08 ECF0FC7983D69593BC6FEAD81612BE42 11323704 ----a-w- C:\Users\bigalx58\Desktop\HitmanPro_x64.exe
2015-12-22 18:31:02 AD2ADC1A55B8E1268A6DB0360F7CDA46 1961984 ----a-w- C:\Users\bigalx58\AppData\Roaming\ZHP\ZHPCleaner.exe
2015-12-22 18:30:44 AD2ADC1A55B8E1268A6DB0360F7CDA46 1961984 ----a-w- C:\Users\bigalx58\Desktop\ZHPCleaner.exe
2015-12-22 18:27:44 AD2ADC1A55B8E1268A6DB0360F7CDA46 1961984 ----a-w- C:\Users\bigalx58\Downloads\ZHPCleaner.exe
2015-12-22 18:00:34 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Windows\SysWOW64\subinacl.exe
2015-12-21 23:03:20 AD60A39A820804E89BC2EAD599ED94E1 8067784 ----a-w- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2015-12-21 23:03:20 AD60A39A820804E89BC2EAD599ED94E1 8067784 ----a-w- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\OneDriveSetup.exe
2015-12-21 23:03:14 EB0965F7AE1394C0A3165A5E9A32C44D 164040 ----a-w- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe
2015-12-21 23:03:14 2DB7D5B28812523AAF17F71A8EB4832E 171712 ----a-w- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe
2015-12-21 23:02:49 2010CA459E5EC8F9D5FC8B000D130294 551112 ----a-w- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
2015-12-21 14:42:09 2CE5036C2ED480773C05E10B5BDF40E4 6805328 ----a-w- C:\Users\bigalx58\Downloads\ccsetup513 (1).exe
2015-12-21 14:39:53 2CE5036C2ED480773C05E10B5BDF40E4 6805328 ----a-w- C:\Users\bigalx58\Downloads\ccsetup513.exe
2015-12-21 03:12:40 A752F420A0920E5D7A00F9BBF5D3BF51 3286400 ----a-w- C:\Users\bigalx58\AppData\Roaming\Enigma Software Group\sh_installer.exe
2015-12-20 14:53:55 07F32A101C2481DD249E5987748EBD49 534635 ----a-w- C:\Program Files (x86)\Secunia\PSI\Uninstall.exe
2015-12-18 15:29:55 9F4602D70BAAE3BC8F352428280EED1A 9371480 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
2015-12-18 14:06:30 D0C33795F36FDA5E6ABA96534AE40682 7319408 ----a-w- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2015-12-18 14:06:13 BFFC187B1FFA022F59D652A6A4CA130F 199168 ----a-w- C:\Windows\System32\InstallAgent.exe
2015-12-18 14:06:11 3A24E199AA5A30D6E7C30D01E2BF4C7E 161280 ----a-w- C:\Windows\SysWOW64\InstallAgent.exe
2015-12-18 14:06:09 687A06910237E430194D677BDAA47E96 219136 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
2015-12-18 14:06:06 D1BB4122E41E04E2D8D57702396AE031 412512 ----a-w- C:\Windows\System32\wifitask.exe
2015-12-18 14:06:06 14CE7BCE9C6A442BD4B93AB3CB8765BF 375296 ----a-w- C:\Windows\System32\MDEServer.exe
2015-12-18 14:06:05 791B8A108F9A7CC72E5DF83A9992557D 2095968 ----a-w- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2015-12-18 14:06:05 1C671129864880F66678D3B80316074E 56320 ----a-w- C:\Windows\System32\provtool.exe
2015-12-18 14:06:04 2E75E8FC1E833E2BB55D4272E3674B8D 104448 ----a-w- C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
2015-12-18 14:06:02 A311E40B856ACCE11AD177AD40574385 356864 ----a-w- C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe
2015-12-18 14:06:01 F60E1993D8D8FD2E23516C1278B209C1 34304 ----a-w- C:\Windows\SysWOW64\BackgroundTransferHost.exe
2015-12-18 14:06:01 1CC123FE215B7FFBA4B7889FD13B32D5 36864 ----a-w- C:\Windows\System32\BackgroundTransferHost.exe
2015-12-17 15:23:07 C15386596BAB3A7FD891584C24310269 57460536 ----a-w- C:\Users\bigalx58\AppData\Local\Kobo\Kobo Desktop Edition\KoboSetup.exe
=== C: other files ==
2015-12-22 18:47:42 C7AF2A9877C8C0019D303A78C62BE64E 41080 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2015-12-21 23:03:13 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\CollectOneDriveLogs.bat
2015-12-18 14:06:04 78065D08A6D5886ACF9B6BA7E34A554C 3593216 ----a-w- C:\Windows\System32\win32kfull.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup "= "C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup "

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup "= "C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup "

[HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive "= "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background "
"CCleaner Monitoring "= "C:\Program Files\CCleaner\CCleaner64.exe /MONITOR "
"SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "
"MyDriveConnect.exe "= "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe "
"Skype "= "C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun "
"FileHippo.com "= "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe /background "

[HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 "= "C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe "= "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -osboot "
"RealDownloader "= "C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe "
"SunJavaUpdateSched "= "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive "= "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background "
"CCleaner Monitoring "= "C:\Program Files\CCleaner\CCleaner64.exe /MONITOR "
"SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "
"MyDriveConnect.exe "= "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe "
"Skype "= "C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun "
"FileHippo.com "= "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe /background "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 "= "C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL "= "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19 03:27 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19 03:27 PM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" [ "C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloader Update Check" [C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2005715574-247312471-105162307-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2005715574-247312471-105162307-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2005715574-247312471-105162307-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{4817BCF8-46B0-4610-8FE7-434EF13F4E40}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Auslogics\BoostSpeed\Scan and Repair" [rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"]

==== Firefox Extensions ======================

ProfilePath: C:\Users\bigalx58\AppData\Roaming\TomTom\HOME\Profiles\zr6d8e3d.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page "= "http://ca.my.msn.com/?lang=en-ca "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar "= "http://www.google.com "
"Start Page Redirect Cache "= "http://www.google.com "
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar "= "http://www.google.com "
"Start Page Redirect Cache "= "http://www.google.com "

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page "= "http://ca.my.msn.com/?lang=en-ca "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar "= "http://go.microsoft.com/fwlink/?LinkId=54896 "
"Start Page Redirect Cache "= "http://go.microsoft.com/fwlink/?LinkId=69157 "
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar "= "http://go.microsoft.com/fwlink/?LinkId=54896 "
"Start Page Redirect Cache "= "http://go.microsoft.com/fwlink/?LinkId=69157 "

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope "= "{0633EE93-D776-472f-A0FF-E1416B8B2E3A} "
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope "= "{0633EE93-D776-472f-A0FF-E1416B8B2E3A} "
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope "= "{0633EE93-D776-472f-A0FF-E1416B8B2E3A} "
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable "=dword:00000000

Value(s) after fix:
"ProxyEnable "=dword:00000000

==== Uninstall List x64 ======================

Adobe Digital Editions 3.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 3.0]
Adobe Shockwave Player 12.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
Auslogics BoostSpeed 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1]
Auslogics Registry Cleaner [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1]
Canon MP Navigator EX 2.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MP Navigator EX 2.1]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
FileHippo App Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileHippo.com]
Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{817750FA-EC6A-485D-9901-0683AE6FFDF1}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Java 8 Update 66 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218066F0}]
Kobo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kobo]
LastPass (uninstall only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LastPass]
LibreOffice 4.4.6.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1013DB12-EC2E-455E-B5ED-BFD056DC1A99}]
Malwarebytes Anti-Malware version 2.2.0.1024 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38F03569-A636-4CF3-BDDE-032C8C251304}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD67BE4B-7E62-4215-AFA3-F123A800A389}]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
MyDriveConnect 4.0.7.2442 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyDriveConnect]
NetViewer 2.1.373.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NetViewer]
NVIDIA Control Panel 353.62 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07AAB66E-4718-422D-9218-4AFB3C922A71}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}]
RealDownloader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0415f03a-c9b1-4179-ad1c-b7511ae49c2a}]
RealDownloader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E60834D5-24DD-4C76-A9A6-5A6766FB4448}]
RealDownloader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB20AA56-F683-463A-8812-90A3507E96F9}]
RealNetworks - Microsoft Visual C++ 2008 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}]
RealNetworks - Microsoft Visual C++ 2010 Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{21E47F47-C9A7-4454-BA48-388327B0EA00}]
RealNetworks - Microsoft Visual C++ 2010 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
RealTimes (RealPlayer) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 18.1]
RealUpgrade 1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
Revo Uninstaller 1.95 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller]
Samsung Kies3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88547073-C566-4895-9005-EBE98EA3F7C7}]
Samsung Kies3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}]
Secunia PSI (3.0.0.11003) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Secunia PSI]
Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}]
SkypeT 7.16 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}]
Smart Switch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}]
Smart Switch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}]
Sophos Virus Removal Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B829E117-D072-41EA-9606-9826A38D34C1}]
SpywareBlaster 5.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1]
StudioTax 2012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6142A6DA-6B63-4399-9F22-DFF494E23F70}]
StudioTax 2014 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF6F96B-39E8-42AB-9338-25F801615CD8}]
StudioTax Enterprise 2013 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C90A1582-17FA-4E34-AA3A-2B1B4CE11A3F}]
SUPERAntiSpyware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}]
swMSM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
UpdateService [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}]
Video Downloader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E60AFF01-6087-47BD-8272-61FA3CFC309D}]
Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}]
Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}]
Visual Studio C++ 10.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4412F224-3849-4461-A3E9-DEEF8D252790}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{66B5819D-DE70-42BE-B40F-978FBA12452E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{659CB81C-B54E-4DF1-B618-F35777393A54}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1893000-EA77-493C-8DDD-E262436E959B}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6522F5F9-411B-4513-A75B-CEA00395F032}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{714E162E-CD4F-4F1B-8302-7F5179409C25}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A2DC527D-FA79-46E9-973F-920897CA55E9}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}]
WOT for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{373B90E1-A28C-434C-92B6-7281AFA6115A}]

==== HijackThis Entries ======================

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
O4 - HKCU\..\Run: [OneDrive] "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe "
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 "
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: RealTimes.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: LastPass - file://C:\Users\bigalx58\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\bigalx58\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: RealTimes Desktop Service - RealNetworks, Inc. - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22 folders=26 30032851 bytes)

==== Empty Temp Folders ======================

C:\Users\bigalx58\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\bigalx58\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 2015-12-22 at 15:24:33.97 ======================

 

I'm hoping I got it right.....BTW MAM showed no threats. Wow, this was a long day!! I'm eagerly awaiting your verdict!

 

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
AVG AntiVirus Free Edition
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.2
Secunia PSI (3.0.0.11003)
Auslogics Registry Cleaner
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

DelFix v1.011 - Logfile created 22/12/2015 at 19:33:29
# Updated 18/08/2015 by Xplode
# Username : bigalx58 - BIGALX58-PC
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\bigalx58\Desktop\JRT.txt
Deleted : C:\Users\bigalx58\Desktop\SecurityCheck.exe
Deleted : C:\Users\bigalx58\Desktop\ZHPCleaner.txt
Deleted : C:\Users\bigalx58\Downloads\JRT.exe
Deleted : C:\Users\bigalx58\Downloads\ZHPCleaner.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #11 [Windows Update | 12/10/2015 14:12:46]
Deleted : RP #12 [Revo Uninstaller's restore point - Auslogics DiskDefrag | 12/13/2015 19:20:18]
Deleted : RP #13 [Installed StudioTax 2014 | 12/15/2015 01:56:36]
Deleted : RP #14 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 12/17/2015 15:24:50]
Deleted : RP #15 [JRT Pre-Junkware Removal | 12/21/2015 03:07:20]
Deleted : RP #16 [My restore | 12/21/2015 16:04:30]
Deleted : RP #17 [JRT Pre-Junkware Removal | 12/22/2015 02:20:39]
Deleted : RP #18 [JRT Pre-Junkware Removal | 12/22/2015 17:54:21]

New restore point created !

########## - EOF - ##########

 

BTW..I didn't uninstall Netviewer because my outdoor cameras are connected to it.

 

Uninstalled what you suggested. Can't find SpyHunter! Computer is running well!
Thanks so much for your assistance! I learned a lot! Enjoy the Holiday Season!