TechSpot

Continue live installation removal

By stratagem72
Mar 28, 2015
  1. Hi there,

    I last visited this site some years ago and have had a few problems solved (thankyou). I haven't had the need to revisit until now. I've obtained something that puts a shortcut on my desktop that says 'continue live installation' every reboot and pops up with some installer screen. Eveything I know how to do has thus far failed so here I am again. Logs pasted below as requested.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Cam Laptop (administrator) on CAMLAPTOP-PC on 28-03-2015 20:44:39
    Running from C:\Users\Cam Laptop\Desktop
    Loaded Profiles: UpdatusUser & Cam Laptop (Available profiles: UpdatusUser & Cam Laptop)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (ASUS) C:\Program Files\P4G\BatteryLife.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Angus Johnson) C:\Program Files (x86)\Internode\mum.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (BitTorrent Inc.) C:\Users\Cam Laptop\AppData\Roaming\uTorrent\uTorrent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\nacl64.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-20] (Logitech, Inc.)
    HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe [197968 2011-05-11] (Sunbelt Software)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
    HKLM-x32\...\Run: [McDiags AutoLaunch] => [X]
    HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [1353040 2011-05-11] (Sunbelt Software)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [InternodeUsage] => C:\Program Files (x86)\Internode\mum.exe [2242560 2014-12-05] (Angus Johnson)
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [InternodeUsage] => C:\Program Files (x86)\Internode\mum.exe [2242560 2014-12-05] (Angus Johnson)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
    AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-05-11] (NVIDIA Corporation)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1000 -> {6BCDCE8D-9CAC-4AF5-9DB9-F7E57288A891} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1001 -> {6BCDCE8D-9CAC-4AF5-9DB9-F7E57288A891} URL = https://www.google.com/search?q={searchTerms}
    BHO: Search App by Ask -> {41564952-412D-5350-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport_x64.dll" No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Search App by Ask -> {41564952-412D-5350-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll" No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
    Toolbar: HKLM - Search App by Ask - {41564952-412D-5350-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport_x64.dll" No File
    Toolbar: HKLM-x32 - Search App by Ask - {41564952-412D-5350-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll" No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\user.js [2015-03-24]
    FF Extension: Avira Browser Safety - C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\Extensions\abs@avira.com [2014-08-13]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-18]

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR StartupUrls: Default -> "", "hxxp://google.com.au/", "hxxp://www.mystartsearch.com/?type=hp&ts=1427144569&from=slbnew&uid=HitachiXHTS547575A9E384_J2540054HULR3EHULR3EX"
    CHR Profile: C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
    CHR Extension: (Google Drive) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-05]
    CHR Extension: (YouTube) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
    CHR Extension: (Google Search) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
    CHR Extension: (Gmail™ Notifier) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2014-08-18]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
    CHR Extension: (Google Mail Checker) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-13]
    CHR Extension: (Google Wallet) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
    CHR Extension: (Gmail) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]
    CHR HKLM\...\Chrome\Extension: [aaaaafhgaihilbkellglkpeiegabpjem] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaafhgaihilbkellglkpeiegabpjem.crx [2014-09-11]
    CHR HKLM-x32\...\Chrome\Extension: [aaaaafhgaihilbkellglkpeiegabpjem] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaafhgaihilbkellglkpeiegabpjem.crx [2014-09-11]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
     
  2. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-13] (CyberLink)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2804280 2011-05-11] (Sunbelt Software)
    R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2011-05-11] (Sunbelt Software)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 xuhejygu; C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp [131584 2015-03-24] () [File not signed]
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
    S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S3 RDID1149; C:\Windows\System32\Drivers\rdwm1149.sys [234112 2013-12-18] (Roland Corporation)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
    R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
    S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
    R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
    S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
    R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
    R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
    R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
    S1 cherimoya; system32\drivers\cherimoya.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-28 20:44 - 2015-03-28 20:45 - 00023371 _____ () C:\Users\Cam Laptop\Desktop\FRST.txt
    2015-03-28 20:14 - 2015-03-28 20:14 - 00001062 _____ () C:\Users\Cam Laptop\Desktop\Continue Live Installation.lnk
    2015-03-28 20:13 - 2015-03-28 20:13 - 00008370 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]kidnapping.mr.heineken.2015.720p.brrip.x264.yify.torrent
    2015-03-28 20:10 - 2015-03-28 20:10 - 00008111 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]let.us.prey.2014.720p.brrip.x264.yify.torrent
    2015-03-28 20:09 - 2015-03-28 20:44 - 00000000 ____D () C:\FRST
    2015-03-28 19:36 - 2015-03-28 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    2015-03-28 19:32 - 2015-03-28 19:32 - 00000000 ____D () C:\Users\Cam Laptop\Documents\TomTom
    2015-03-28 19:32 - 2015-03-28 19:32 - 00000000 ____D () C:\ProgramData\TomTom
    2015-03-28 19:31 - 2015-03-28 19:36 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
    2015-03-28 19:31 - 2015-03-28 19:31 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\TomTom
    2015-03-28 19:31 - 2015-03-28 19:31 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\TomTom
    2015-03-28 19:31 - 2015-03-28 19:31 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
    2015-03-28 19:30 - 2015-03-28 19:30 - 00000000 ____D () C:\Program Files (x86)\TomTom DesktopSuite
    2015-03-27 22:40 - 2015-03-27 22:40 - 02095616 _____ (Farbar) C:\Users\Cam Laptop\Desktop\FRST64.exe
    2015-03-27 18:28 - 2015-03-27 18:28 - 00057410 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]kill.me.three.times.2014.hdrip.xvid.etrg.torrent
    2015-03-27 18:27 - 2015-03-27 18:27 - 00107546 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]robot.overlords.2014.hdrip.xvid.ac3.evo.torrent
    2015-03-27 18:26 - 2015-03-27 18:26 - 00019704 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e17.hdtv.x264.killers.ettv.torrent
    2015-03-27 18:25 - 2015-03-27 18:25 - 00028280 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e06.hdtv.x264.killers.ettv.torrent
    2015-03-24 22:56 - 2015-03-24 22:56 - 00340816 _____ () C:\Users\Cam Laptop\Downloads\394365_intl_x64_zip.exe
    2015-03-24 21:08 - 2015-03-24 21:10 - 00874664 _____ () C:\Windows\Minidump\032415-91432-01.dmp
    2015-03-24 14:39 - 2015-03-24 14:39 - 00020217 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e08.hdtv.x264.lol.ettv.torrent
    2015-03-24 10:06 - 2015-03-24 10:06 - 00012464 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]moone.boy.s03e04.hdtv.x264.failed.ettv.torrent
    2015-03-24 08:09 - 2015-03-24 08:09 - 00000000 ____D () C:\ProgramData\2c26551400000e3f
    2015-03-24 08:08 - 2015-03-24 08:08 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\66DE6100-1427184519-81E1-3E9E-5404A639C413
    2015-03-24 08:04 - 2015-03-24 14:09 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2015-03-24 08:04 - 2015-03-24 08:04 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\globalUpdate
    2015-03-24 08:03 - 2015-03-25 14:36 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413
    2015-03-24 08:02 - 2015-03-24 08:22 - 00000000 ____D () C:\Program Files\shopperz
    2015-03-24 08:02 - 2015-03-24 08:02 - 00000000 ____D () C:\Program Files (x86)\gmsd_au_109
    2015-03-23 22:06 - 2015-03-23 22:06 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-23 22:03 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2015-03-23 22:03 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2015-03-23 22:03 - 2014-05-12 20:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2015-03-23 22:03 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2015-03-23 22:03 - 2014-05-02 11:19 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
    2015-03-23 22:03 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2015-03-23 22:03 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2015-03-23 22:03 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2015-03-23 22:03 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2015-03-23 22:03 - 2014-04-23 17:51 - 02117424 _____ () C:\Windows\system32\SStudio.dll
    2015-03-23 22:03 - 2014-04-17 17:42 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2015-03-23 22:03 - 2014-04-17 17:42 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2015-03-23 22:03 - 2014-04-17 17:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2015-03-23 22:03 - 2014-04-10 12:20 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2015-03-23 22:03 - 2014-04-10 12:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
    2015-03-23 22:03 - 2014-04-09 16:39 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
    2015-03-23 22:03 - 2014-04-09 16:38 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2015-03-23 22:03 - 2014-03-21 14:17 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2015-03-23 22:03 - 2014-03-19 19:19 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2015-03-23 22:03 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2015-03-23 22:03 - 2014-03-05 05:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
    2015-03-23 22:03 - 2014-03-05 05:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2015-03-23 22:03 - 2014-03-05 05:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2015-03-23 22:03 - 2014-03-05 05:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2015-03-23 22:03 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2015-03-23 22:03 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2015-03-23 22:03 - 2014-02-06 11:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
    2015-03-23 22:03 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
    2015-03-23 22:03 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2015-03-23 22:03 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2015-03-23 22:03 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2015-03-23 22:03 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2015-03-23 22:03 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2015-03-23 22:03 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2015-03-23 22:03 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2015-03-23 22:03 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2015-03-23 22:03 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2015-03-23 22:03 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
    2015-03-23 22:03 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
    2015-03-23 22:03 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
    2015-03-23 22:03 - 2013-06-21 11:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
    2015-03-23 22:03 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
    2015-03-23 22:03 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2015-03-23 22:03 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2015-03-23 22:03 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2015-03-23 22:03 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2015-03-23 22:03 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2015-03-23 22:03 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2015-03-23 22:03 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2015-03-23 22:03 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2015-03-23 22:03 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2015-03-23 22:03 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2015-03-23 22:03 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2015-03-23 22:03 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2015-03-23 20:11 - 2015-03-23 20:22 - 00000000 ____D () C:\Users\Cam Laptop\Documents\MiniDisc clips
    2015-03-23 16:55 - 2015-03-23 17:02 - 00073592 _____ () C:\Users\Cam Laptop\Desktop\04 - Be Good Johnny.mp3.sfk
    2015-03-23 16:49 - 2015-03-23 16:49 - 00093464 _____ () C:\Users\Cam Laptop\Desktop\03 - It's a Mistake.mp3.sfk
    2015-03-23 15:42 - 2015-03-23 15:42 - 00034171 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e15.proper.hdtv.x264.batv.ettv.torrent
    2015-03-23 15:41 - 2015-03-23 15:41 - 00115623 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]seventh.son.2015.cropped.hdrip.xvid.j****.etrg.torrent
    2015-03-22 15:50 - 2015-03-28 19:17 - 00004994 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CamLaptop-PC-Cam Laptop CamLaptop-PC
    2015-03-22 13:43 - 2015-03-22 13:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Publish Providers
    2015-03-22 13:27 - 2015-03-22 13:37 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\Sony
    2015-03-22 13:27 - 2015-03-22 13:27 - 00000000 ____D () C:\ProgramData\Sony
    2015-03-22 13:27 - 2015-03-22 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-03-22 13:27 - 2015-03-22 13:27 - 00000000 ____D () C:\Program Files (x86)\Sony
    2015-03-22 13:26 - 2015-03-22 13:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Sony
    2015-03-22 13:16 - 2015-03-22 13:16 - 00015594 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]sony.sound.forge.pro.11.0.build.234.patch.keygen.di.chingliu.torrent
    2015-03-21 16:04 - 2015-03-21 16:04 - 00008304 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]paddington.2014.720p.brrip.x264.yify.torrent
    2015-03-21 16:03 - 2015-03-28 19:08 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-03-20 17:45 - 2015-03-20 17:45 - 00028781 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e16.hdtv.xvid.fum.ettv.torrent
    2015-03-20 17:40 - 2015-03-20 17:40 - 00016546 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.vampire.diaries.s06e17.hdtv.x264.lol.ettv.torrent
    2015-03-20 17:39 - 2015-03-20 17:39 - 00029160 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e05.hdtv.x264.killers.ettv.torrent
    2015-03-20 12:30 - 2015-03-20 12:30 - 00002037 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]james.e.l.fifty.shades.trilogy.bundle.fifty.shades.of.grey.fifty.shades.darker.fifty.shades.freed.epub.torrent
    2015-03-20 12:29 - 2015-03-20 12:29 - 00002156 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]fifty.shades.trilogy.02.darker.fifty.e.l.james.mobi.torrent
    2015-03-19 19:42 - 2015-03-19 19:42 - 00121993 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.water.diviner.2014.brrip.xvid.ac3.evo.torrent
    2015-03-17 19:04 - 2015-03-17 19:04 - 00017795 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e07.hdtv.x264.lol.ettv.torrent
    2015-03-17 10:58 - 2015-03-17 10:58 - 00012656 _____ () C:\Users\Cam Laptop\Downloads\MONOVA.ORG Johnny_Diesel_&_The_Injectors.torrent
    2015-03-17 10:55 - 2015-03-17 10:55 - 00012521 _____ () C:\Users\Cam Laptop\Downloads\Johnny_Diesel_&amp;_The_Injectors.torrent
    2015-03-17 10:54 - 2015-03-17 10:54 - 00012654 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]johnny.diesel.the.injectors.torrent
    2015-03-17 09:56 - 2015-03-17 09:56 - 00013548 _____ () C:\Users\Cam Laptop\Downloads\406377AFA17CE3F58C00FF1703204DCA5B569A65.torrent
    2015-03-17 09:54 - 2015-03-17 09:54 - 00020104 _____ () C:\Users\Cam Laptop\Downloads\Hunters_and_Collectors_-_Natural_Selection_2003_EAC_FLAC (1).torrent
    2015-03-17 09:53 - 2015-03-17 09:53 - 00020021 _____ () C:\Users\Cam Laptop\Downloads\Hunters.and.Collectors.-.Natural.Selection.2003.EAC.FLAC.torrent
    2015-03-17 09:52 - 2015-03-17 09:52 - 00020104 _____ () C:\Users\Cam Laptop\Downloads\Hunters_and_Collectors_-_Natural_Selection_2003_EAC_FLAC.torrent
    2015-03-17 09:51 - 2015-03-17 09:51 - 00020021 _____ () C:\Users\Cam Laptop\Downloads\Hunters+and+Collectors+-+Natural+Selection+2003+EAC+FLAC.torrent
    2015-03-17 09:31 - 2015-03-17 09:31 - 00020104 _____ () C:\Users\Cam Laptop\Downloads\[katproxy.com]hunters.and.collectors.natural.selection.2003.eac.flac.torrent
    2015-03-17 09:31 - 2015-03-17 09:31 - 00013521 _____ () C:\Users\Cam Laptop\Downloads\[katproxy.com]hunters.and.collectors.greatest.hits.live.2011.torrent
    2015-03-16 19:45 - 2015-03-16 19:45 - 00019256 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.wolf.of.wall.street.2013.480p.brrip.x264.stylishsalh.stylish.release.torrent
    2015-03-16 15:51 - 2015-03-16 15:51 - 00028254 _____ () C:\Users\Cam Laptop\Downloads\download.htm
    2015-03-16 14:19 - 2015-03-16 14:19 - 00177547 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]of.horses.and.men.2013.bdrip.720p.hc.eng.sub.aac.mp4.legi0n.torrent
    2015-03-16 13:36 - 2015-03-16 13:36 - 00033146 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e14.hdtv.x264.killers.ettv.torrent
    2015-03-15 18:58 - 2015-03-15 18:58 - 00115079 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]focus.2015.hc.hdrip.xvid.ac3.j****.etrg.torrent
    2015-03-15 18:50 - 2015-03-15 18:50 - 00006261 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]e.l.james.01.fifty.shades.of.grey.pdf.mobi.epub.torrent
    2015-03-15 11:09 - 2015-03-15 11:09 - 00011262 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monsters.dark.continent.2014.web.dl.x264.rarbg.torrent
    2015-03-15 11:08 - 2015-03-15 11:08 - 00042029 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monsters.dark.continent.2014.1080p.web.dl.dd5.1.h264.fgt.torrent
    2015-03-15 11:06 - 2015-03-15 11:06 - 00012290 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monsters.2010.720p.brrip.xvid.ac3.akademik.torrent
    2015-03-14 16:41 - 2015-03-14 16:41 - 00057864 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]cymbeline.2014.hdrip.xvid.j****.etrg.torrent
    2015-03-13 18:41 - 2015-03-13 18:41 - 00025381 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e04.hdtv.x264.killers.ettv.torrent
    2015-03-13 18:41 - 2015-03-13 18:41 - 00020687 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e15.hdtv.x264.lol.ettv.torrent
    2015-03-13 18:41 - 2015-03-13 18:41 - 00019586 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.vampire.diaries.s06e16.hdtv.x264.lol.ettv.torrent
    2015-03-13 18:40 - 2015-03-13 18:40 - 00111749 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monster.high.haunted.2015.hdrip.xvid.ac3.evo.torrent
    2015-03-12 17:36 - 2015-03-12 17:36 - 00008900 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]top.five.2014.720p.brrip.x264.yify.torrent
    2015-03-12 17:35 - 2015-03-12 17:35 - 00122202 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]fifty.shades.of.grey.2015.uncut.hc.hdrip.x264.ac3.titan.torrent
    2015-03-11 17:16 - 2015-03-11 17:16 - 00013961 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]moone.boy.s03e01.hdtv.x264.failed.ettv.torrent
    2015-03-11 17:15 - 2015-03-11 17:15 - 00006255 _____ () C:\Users\Cam Laptop\Downloads\563C4679A75AD2A963644B3A153F81D61FA92CBD.torrent
    2015-03-10 19:45 - 2015-03-10 19:45 - 00010728 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]exodus.gods.and.kings.2014.720p.brrip.x264.yify.torrent
    2015-03-10 19:43 - 2015-03-10 19:43 - 00016178 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e06.hdtv.x264.lol.ettv.torrent
    2015-03-09 18:43 - 2015-03-09 18:43 - 00007780 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]barefoot.2014.720p.brrip.x264.yify.torrent
    2015-03-09 18:41 - 2015-03-09 18:41 - 00036187 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e13.hdtv.x264.killers.ettv.torrent
    2015-03-08 19:36 - 2015-03-08 19:36 - 00020518 _____ () C:\Users\Cam Laptop\Downloads\Steel.Magnolias.1989.1080p.BluRay.x264.anoXmous.torrent
    2015-03-08 19:36 - 2015-03-08 19:36 - 00020518 _____ () C:\Users\Cam Laptop\Downloads\Steel.Magnolias.1989.1080p.BluRay.x264.anoXmous (1).torrent
    2015-03-08 19:28 - 2015-03-08 19:29 - 00874064 _____ () C:\Windows\Minidump\030815-27752-01.dmp
    2015-03-07 19:35 - 2015-03-07 19:36 - 00057435 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]steel.magnolias.2012.dvdrip.xvid.vh.prod.torrent
    2015-03-07 19:35 - 2015-03-07 19:35 - 00095405 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]steel.magnolias.2012.dvdrip.ac3.xvid.cm8.torrent
    2015-03-07 19:35 - 2015-03-07 19:35 - 00011347 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]beaches.1988.720p.brrip.1gb.mkvcage.torrent
    2015-03-06 20:00 - 2015-03-06 20:00 - 00027800 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e02.hdtv.x264.killers.ettv.torrent
    2015-03-06 16:53 - 2015-03-06 16:53 - 00008813 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e14.hdtv.x264.lol.eztv.torrent
    2015-03-06 16:52 - 2015-03-06 16:52 - 00027483 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e03.hdtv.x264.2hd.ettv.torrent
    2015-03-06 09:20 - 2015-03-06 09:20 - 00008329 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]71.2014.720p.brrip.x264.yify.torrent
    2015-03-05 18:15 - 2015-03-05 18:15 - 00058103 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.pyramid.2014.hdrip.xvid.j****.etrg.torrent
    2015-03-05 12:54 - 2015-03-05 12:54 - 00020525 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.4of6.canyons.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 12:54 - 2015-03-05 12:54 - 00020157 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.5of6.mountains.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 12:53 - 2015-03-05 12:53 - 00020309 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.3of6.desert.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 12:13 - 2015-03-05 12:13 - 00020467 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.2of6.snow.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 07:54 - 2015-03-05 07:54 - 00053566 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]exodus.gods.and.kings.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
    2015-03-03 17:58 - 2015-03-03 17:58 - 00010196 _____ () C:\Users\Cam Laptop\Downloads\0ACC69C38CCF186E55CDE118BE422F3BF7C0290C.torrent
    2015-03-03 17:55 - 2015-03-03 17:55 - 00017857 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e05.hdtv.x264.lol.ettv.torrent
    2015-03-03 17:55 - 2015-03-03 17:55 - 00017857 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e05.hdtv.x264.lol.ettv (1).torrent
    2015-03-02 17:55 - 2015-03-02 17:55 - 00037333 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e12.hdtv.x264.killers.ettv.torrent

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-28 20:45 - 2014-09-05 18:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\uTorrent
    2015-03-28 20:41 - 2014-08-29 15:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-28 20:14 - 2014-08-13 19:45 - 00000000 ____D () C:\Users\Cam Laptop\Documents\BitLord
    2015-03-28 19:47 - 2014-08-13 18:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-28 19:33 - 2014-08-21 12:01 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\Downloaded Installations
    2015-03-28 19:31 - 2014-08-13 19:53 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Mozilla
    2015-03-28 19:13 - 2009-07-14 15:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-28 19:13 - 2009-07-14 15:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-28 19:10 - 2009-07-14 16:13 - 00796678 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-28 19:09 - 2009-07-14 15:51 - 00110399 _____ () C:\Windows\setupact.log
    2015-03-28 19:08 - 2014-07-11 16:58 - 01550767 _____ () C:\Windows\WindowsUpdate.log
    2015-03-28 19:06 - 2014-08-21 12:04 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\HTC MediaHub
    2015-03-28 19:06 - 2014-08-13 18:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-28 19:04 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-27 18:21 - 2009-07-14 15:45 - 00371576 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-24 22:57 - 2014-08-13 17:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\VirtualStore
    2015-03-24 21:08 - 2014-08-25 21:59 - 00000000 ____D () C:\Windows\Minidump
    2015-03-24 21:07 - 2014-08-25 21:59 - 660541737 _____ () C:\Windows\MEMORY.DMP
    2015-03-24 08:26 - 2011-04-02 15:17 - 00446396 _____ () C:\Windows\PFRO.log
    2015-03-24 08:21 - 2014-08-13 18:37 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-24 08:17 - 2014-07-11 17:20 - 00002508 _____ () C:\Windows\system32\AutoRunFilter.ini
    2015-03-24 08:17 - 2014-07-11 17:20 - 00001602 _____ () C:\Windows\system32\ServiceFilter.ini
    2015-03-24 08:11 - 2015-02-23 16:35 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
    2015-03-23 22:06 - 2014-07-11 17:08 - 00000000 ___HD () C:\Program Files (x86)\Temp
    2015-03-23 22:05 - 2014-07-11 17:08 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2015-03-22 14:43 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-22 13:20 - 2014-08-13 18:34 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Adobe
    2015-03-21 21:53 - 2014-08-13 21:17 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\vlc
    2015-03-08 11:24 - 2014-08-13 19:45 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\BitLord

    ==================== Files in the root of some directories =======

    2015-02-21 16:20 - 2015-02-21 16:20 - 0002349 _____ () C:\Program Files (x86)\unins000.dat
    2002-12-17 03:00 - 2002-12-17 03:00 - 0082253 _____ (Jordan Russell) C:\Program Files (x86)\unins000.exe
    2014-08-13 19:45 - 2015-03-08 11:24 - 0000000 _____ () C:\Users\Cam Laptop\AppData\Roaming\bitlord_log.txt
    2014-08-13 20:32 - 2014-08-13 20:32 - 0004608 _____ () C:\Users\Cam Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-04 21:59 - 2014-09-04 21:59 - 0000218 _____ () C:\Users\Cam Laptop\AppData\Local\recently-used.xbel
    2015-01-10 22:53 - 2015-01-10 22:53 - 0000000 _____ () C:\Users\Cam Laptop\AppData\Local\{F3F17653-322B-4B59-8ADC-327A0EFC1C5A}
    2015-03-23 22:06 - 2015-03-23 22:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-07-11 17:25 - 2014-07-11 17:26 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-07-11 17:25 - 2014-07-11 17:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some content of TEMP:
    ====================
    C:\Users\Cam Laptop\AppData\Local\Temp\629A4F05-835E-235A-61A3-45CEAAF08F73.dll
    C:\Users\Cam Laptop\AppData\Local\Temp\avgnt.exe
    C:\Users\Cam Laptop\AppData\Local\Temp\COMAP.EXE
    C:\Users\Cam Laptop\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Cam Laptop\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Cam Laptop\AppData\Local\Temp\LMkRstPt.exe
    C:\Users\Cam Laptop\AppData\Local\Temp\Offercast_AVIRAV7_.exe
    C:\Users\Cam Laptop\AppData\Local\Temp\optsetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-25 12:49

    ==================== End Of Log ============================
     
  3. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Cam Laptop at 2015-03-28 20:46:58
    Running from C:\Users\Cam Laptop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Sunbelt VIPRE (Enabled - Up to date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Sunbelt VIPRE (Enabled - Up to date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    FW: Sunbelt VIPRE (Enabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\uTorrent) (Version: 3.4.2.38758 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
    ASUS K3 Series ScreenSaver (HKLM-x32\...\ASUS K3 Series ScreenSaver) (Version: 1.0.0002 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
    BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-255 - House of Life)
    BOSS TONE STUDIO for GT (HKLM-x32\...\BOSS-TONE-STUDIO-for-GT) (Version: 1.0.3 - Roland Corporation)
    BOSS TONE STUDIO for GT (x32 Version: 1.0.3 - Roland Corporation) Hidden
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
    Epson Event Manager (HKLM-x32\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
    Epson Network Guide WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version: - )
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Epson User's Guide WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version: - )
    EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GT-100 Librarian (HKLM-x32\...\InstallShield_{03F9C50A-C775-4793-B332-4B68374F706C}) (Version: 1.01.1010 - BOSS Corporation)
    GT-100 Librarian (x32 Version: 1.01.1010 - BOSS Corporation) Hidden
    GT-100 Ver2 Driver (HKLM\...\RolandRDID0149) (Version: - Roland Corporation)
    Hands-free Subscript (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Hands-free Subscript)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
    HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
    Internode Monthly Usage Meter 8.5.2 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
    NVIDIA Graphics Driver 268.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.56 - NVIDIA Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
    rgc:audio Triangle II (HKLM-x32\...\rgc:audio Triangle II Monophonic Synthesizer_is1) (Version: - )
    Search App by Ask (HKLM-x32\...\{41564952-412D-5350-00A7-A758B70C1002}) (Version: 12.16.2.2021 - APN, LLC) <==== ATTENTION
    Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Sound Forge Pro 11.0 (HKLM-x32\...\{A376BDE2-EE3D-11E2-AA13-F04DA23A5C58}) (Version: 11.0.234 - Sony)
    Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
    syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
    System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    VIPRE Antivirus Premium (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 4.0.4194 - Sunbelt Software)
    VIPRE Antivirus Premium (x32 Version: 4.0.4194 - Sunbelt Software) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
    用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    23-03-2015 21:35:32 Scheduled Checkpoint
    28-03-2015 19:34:19 Installed TomTom HOME.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0A493A09-8F16-4A0C-AD5C-BCB26334A4E8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CamLaptop-PC-Cam Laptop CamLaptop-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {60444620-6C26-4C13-BFC2-3B33B258416B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {633F46F6-D09F-4915-8AE7-4C60E0ADD0C9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {63F961EE-38D5-4569-ABC7-3DCAE4545279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {659744FE-CFED-4F9C-A328-0E4B8CF849B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
    Task: {79EA60F2-6168-4B57-9363-34DCAC7655C2} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-16] (ASUS)
    Task: {8D899A07-9A1F-46E1-BE38-925C6911E2EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {A234A5E0-7DBD-4D20-BC35-751FB076E4FA} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
    Task: {C4C74FD5-02E6-4AC4-B612-F3DE7FDA3AA8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-31] ()
    Task: {D98DE736-A3B9-4DC6-A1B1-BB60A15CE812} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {E7956F4C-9E78-4A4E-90CE-61859E64FAF3} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
    Task: {EA453F75-C6CB-48B7-8857-70FD857006BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
    Task: {EF03BCAE-EF92-4E75-BBCE-61377A0CE07E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
    Task: {F6EB24F2-2F5A-4DF2-8BD6-4409B3A3E788} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-03] (ASUS)
    Task: {FEA63454-D28B-4B0F-B33F-0C126C3822E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-10-06 21:51 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2010-07-15 10:11 - 2010-07-15 10:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
    2010-04-03 13:21 - 2008-10-01 17:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2014-08-06 14:42 - 2014-08-06 14:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2015-03-24 08:05 - 2015-03-24 08:05 - 00131584 _____ () C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp
    2011-07-07 17:12 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-09-24 10:53 - 2010-09-24 10:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2014-08-06 14:40 - 2014-08-06 14:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
    2014-08-06 14:41 - 2014-08-06 14:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
    2014-08-06 14:41 - 2014-08-06 14:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
    2014-08-06 14:41 - 2014-08-06 14:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-08-06 14:42 - 2014-08-06 14:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-08-06 14:44 - 2014-08-06 14:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
    2014-08-06 14:46 - 2014-08-06 14:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
    2011-01-19 12:20 - 2011-01-19 12:20 - 00308560 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Vipre.dll
    2014-08-21 10:38 - 2015-02-27 18:05 - 00192376 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libBase64.dll
    2014-08-21 10:38 - 2015-02-27 18:05 - 00180088 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll
    2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
    2005-12-22 18:28 - 2005-12-22 18:28 - 00160768 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\unrar.dll
    2014-08-19 18:46 - 2001-07-26 15:17 - 00692224 _____ () C:\Program Files (x86)\Internode\libeay32.dll
    2014-08-19 18:46 - 2001-07-26 15:18 - 00151552 _____ () C:\Program Files (x86)\Internode\ssleay32.dll
    2011-01-19 07:21 - 2011-01-19 07:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
    2012-10-01 21:37 - 2012-10-01 21:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
    2009-11-03 08:20 - 2009-11-03 08:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-03 08:23 - 2009-11-03 08:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1043452877-789864633-615203981-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cam Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1043452877-789864633-615203981-500 - Administrator - Disabled)
    Cam Laptop (S-1-5-21-1043452877-789864633-615203981-1001 - Administrator - Enabled) => C:\Users\Cam Laptop
    Guest (S-1-5-21-1043452877-789864633-615203981-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1043452877-789864633-615203981-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: cherimoya
    Description: cherimoya
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: cherimoya
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/28/2015 07:31:35 PM) (Source: TomTomHOMEService) (EventID: 10000) (User: )
    Description: TomTomHOMEServiceOpenService failed with 0

    Error: (03/27/2015 06:59:09 PM) (Source: MsiInstaller) (EventID: 10005) (User: CamLaptop-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

    Google Chrome

    Error: (03/24/2015 09:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ZeroConfigService.exe, version: 16.10.0.0, time stamp: 0x52cda7eb
    Faulting module name: MurocApi.dll, version: 16.10.0.0, time stamp: 0x52cda6c5
    Exception code: 0xc0000005
    Fault offset: 0x000000000002bcd8
    Faulting process id: 0xc28
    Faulting application start time: 0xZeroConfigService.exe0
    Faulting application path: ZeroConfigService.exe1
    Faulting module path: ZeroConfigService.exe2
    Report Id: ZeroConfigService.exe3

    Error: (03/24/2015 08:04:29 AM) (Source: MsiInstaller) (EventID: 11309) (User: CamLaptop-PC)
    Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

    Error: (03/23/2015 07:16:58 PM) (Source: VSS) (EventID: 12289) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{9bc98323-08bf-11e4-8d97-806e6f6e6963} - 000000000000014C,0x0053c008,00000000003DCE30,0,00000000003DDE40,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
    .


    Operation:
    Processing EndPrepareSnapshots

    Context:
    Execution Context: System Provider

    Error: (03/23/2015 07:06:39 PM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created. Additional information: (0x81000101).

    Error: (03/23/2015 07:06:39 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

    Error: (03/23/2015 06:05:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Forge110.exe version 11.0.0.234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 17c8

    Start Time: 01d065376284d210

    Termination Time: 15

    Application Path: C:\Program Files (x86)\Sony\Sound Forge Pro 11.0\Forge110.exe

    Report Id: e7781595-d12a-11e4-9984-5404a639c413

    Error: (03/23/2015 05:44:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Forge110.exe version 11.0.0.234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a24

    Start Time: 01d065304b4d9830

    Termination Time: 12

    Application Path: C:\Program Files (x86)\Sony\Sound Forge Pro 11.0\Forge110.exe

    Report Id: 12887c09-d128-11e4-9984-5404a639c413

    Error: (03/22/2015 03:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
    Faulting module name: IWMSSvc.dll, version: 16.10.0.0, time stamp: 0x52cda706
    Exception code: 0xc0000005
    Fault offset: 0x000000000014c2a2
    Faulting process id: 0x578
    Faulting application start time: 0xWLANExt.exe0
    Faulting application path: WLANExt.exe1
    Faulting module path: WLANExt.exe2
    Report Id: WLANExt.exe3


    System errors:
    =============
    Error: (03/28/2015 07:36:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The TomTomHOMEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (03/28/2015 07:36:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/28/2015 07:09:31 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (03/28/2015 07:09:30 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (03/28/2015 07:09:29 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (03/28/2015 07:05:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cherimoya

    Error: (03/27/2015 06:21:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cherimoya

    Error: (03/27/2015 06:20:41 PM) (Source: NetBT) (EventID: 4311) (User: )
    Description: Initialization failed because the driver device could not be created.
    Use the string "78929C52E787" to identify the interface for which initialization
    failed. It represents the MAC address of the failed interface or the
    Globally Unique Interface Identifier (GUID) if NetBT was unable to
    map from GUID to MAC address. If neither the MAC address nor the GUID were
    available, the string represents a cluster device name.

    Error: (03/27/2015 06:20:41 PM) (Source: NetBT) (EventID: 4311) (User: )
    Description: Initialization failed because the driver device could not be created.
    Use the string "78929C52E787" to identify the interface for which initialization
    failed. It represents the MAC address of the failed interface or the
    Globally Unique Interface Identifier (GUID) if NetBT was unable to
    map from GUID to MAC address. If neither the MAC address nor the GUID were
    available, the string represents a cluster device name.

    Error: (03/25/2015 02:38:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cherimoya


    Microsoft Office Sessions:
    =========================
    Error: (03/28/2015 07:31:35 PM) (Source: TomTomHOMEService) (EventID: 10000) (User: )
    Description: TomTomHOMEServiceOpenService failed with 0

    Error: (03/27/2015 06:59:09 PM) (Source: MsiInstaller) (EventID: 10005) (User: CamLaptop-PC)
    Description: Product: Search App by Ask -- Error 25001. The following applications must be closed before continuing the uninstall:

    Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (03/24/2015 09:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: ZeroConfigService.exe16.10.0.052cda7ebMurocApi.dll16.10.0.052cda6c5c0000005000000000002bcd8c2801d0661aaeb09266C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll0a3f8ce6-d20e-11e4-a955-5404a639c413

    Error: (03/24/2015 08:04:29 AM) (Source: MsiInstaller) (EventID: 11309) (User: CamLaptop-PC)
    Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (03/23/2015 07:16:58 PM) (Source: VSS) (EventID: 12289) (User: )
    Description: DeviceIoControl(\\?\Volume{9bc98323-08bf-11e4-8d97-806e6f6e6963} - 000000000000014C,0x0053c008,00000000003DCE30,0,00000000003DDE40,4096,[0])0x80070079, The semaphore timeout period has expired.


    Operation:
    Processing EndPrepareSnapshots

    Context:
    Execution Context: System Provider

    Error: (03/23/2015 07:06:39 PM) (Source: System Restore) (EventID: 8211) (User: )
    Description: 0x81000101

    Error: (03/23/2015 07:06:39 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

    Error: (03/23/2015 06:05:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Forge110.exe11.0.0.23417c801d065376284d21015C:\Program Files (x86)\Sony\Sound Forge Pro 11.0\Forge110.exee7781595-d12a-11e4-9984-5404a639c413

    Error: (03/23/2015 05:44:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Forge110.exe11.0.0.234a2401d065304b4d983012C:\Program Files (x86)\Sony\Sound Forge Pro 11.0\Forge110.exe12887c09-d128-11e4-9984-5404a639c413

    Error: (03/22/2015 03:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WLANExt.exe6.1.7600.163854a5bcc33IWMSSvc.dll16.10.0.052cda706c0000005000000000014c2a257801d064457c471c92C:\Windows\system32\WLANExt.exeC:\Windows\System32\IWMSSvc.dll8da74339-d04e-11e4-ac58-5404a639c413


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
    Percentage of memory in use: 28%
    Total physical RAM: 8102.7 MB
    Available physical RAM: 5792.21 MB
    Total Pagefile: 16205.39 MB
    Available Pagefile: 13195.74 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:673.63 GB) (Free:477.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 496B9619)
    Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
    Partition 2: (Active) - (Size=673.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Uninstall Search App by Ask.

    Next...

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Thankyou for your reply. I will attend to all that when time permits. I did try to log in using my old username (cam975) but was unable as it was registered with an old email address so I had to create a new one. I'll post again when I can (y)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

  7. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Rouge Killer Log as requested:

    RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Cam Laptop [Administrator]
    Started from : C:\Users\Cam Laptop\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 03/30/2015 08:41:20

    ¤¤¤ Processes : 2 ¤¤¤
    [ZeroAccess] SBAMSvc.exe(2152) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe[7] -> Killed [TermProc]
    [Suspicious.Path] jnslBAB6.tmp(2680) -- C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp[-] -> Killed [TermProc]

    ¤¤¤ Registry : 11 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Setwallpaper : c:\programdata\SetWallpaper.cmd [x] -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xuhejygu (C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xuhejygu (C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xuhejygu (C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp) -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1043452877-789864633-615203981-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1043452877-789864633-615203981-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
    --- User ---
    [MBR] 324ea55ae99fa2db8a70a06ec5985f09
    [BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_03302015_084038.log
     
  8. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    MBAM log as requested:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 30/03/2015
    Scan Time: 8:48:02 AM
    Logfile:
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.03.29.07
    Rootkit Database: v2015.03.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Cam Laptop

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 399734
    Time Elapsed: 43 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 12
    PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xuhejygu, Quarantined, [5fec89c26d1d95a120ceb19cb154b64a],
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [98b3fc4f2a606bcba5e3fbd29073ac54],
    PUP.Optional.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarantined, [e5663516503ae25483a4368e11f2916f],
    PUP.Optional.Shopperz.A, HKU\S-1-5-18\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [69e2c6852961e452441405b53ac941bf],
    PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [de6dd37898f2cb6b7ddbceec26ddfb05],
    PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [89c269e2672334020b4dc4f623e0de22],
    PUP.Optional.Shopperz.A, HKU\S-1-5-21-1043452877-789864633-615203981-1000\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [12399ead5931a98dc1975169a36035cb],
    PUP.Optional.Cinema.A, HKU\S-1-5-21-1043452877-789864633-615203981-1001\SOFTWARE\CinemaP-1.9cV22.03-nv-ie, Quarantined, [13388ac198f2cd69de7ab32733d06e92],
    PUP.Optional.Shopperz.A, HKU\S-1-5-21-1043452877-789864633-615203981-1001\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [52f972d98a00cc6a83d5febcc24126da],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-1043452877-789864633-615203981-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [63e8eb60afdbec4a0a37949f8580649c],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],

    Registry Values: 1
    PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xuhejygu|ImagePath, C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp, Quarantined, [3d0eb4976624c76f4dab6de053b2ea16]

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413, Quarantined, [5fec89c26d1d95a120ceb19cb154b64a],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Local\66DE6100-1427184519-81E1-3E9E-5404A639C413, Quarantined, [3e0da1aa52380e28737f51fccc3919e7],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GamesDesktop.A, C:\Program Files (x86)\gmsd_au_109, Quarantined, [b2997dcef496be78c1da258317ecf60a],
    PUP.Optional.Shopperz.A, C:\Program Files\shopperz, Quarantined, [67e493b8385266d0aad1555758ab7888],

    Files: 23
    PUP.Optional.SelectNGo.A, C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [ed5e3f0c315973c3fba2f1d104ffc937],
    PUP.Optional.SelectNGo.A, C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [73d8212ab9d11224b1ec40820df6bd43],
    PUP.Optional.AZLyrics.A, C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [a9a2e863cfbbf145865e57734eb5f10f],
    PUP.Optional.AZLyrics.A, C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [79d252f9cfbbba7c6381a228dc27a060],
    PUP.Optional.SelectNGo.A, C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [7ad1d3788406e1553d690ee0748f718f],
    PUP.Optional.SelectNGo.A, C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [9cafa6a597f3c86eeabc29c514ef09f7],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\jnslBAB6.tmp, Quarantined, [5fec89c26d1d95a120ceb19cb154b64a],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\rnsqB027.exe, Quarantined, [5fec89c26d1d95a120ceb19cb154b64a],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\Uninstall.exe, Quarantined, [5fec89c26d1d95a120ceb19cb154b64a],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Roaming\66DE6100-1427144633-81E1-3E9E-5404A639C413\vnsvCAEE.tmp, Quarantined, [5fec89c26d1d95a120ceb19cb154b64a],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Local\66DE6100-1427184519-81E1-3E9E-5404A639C413\nsm2212.tmp, Quarantined, [3e0da1aa52380e28737f51fccc3919e7],
    PUP.Optional.MultiPlug.A, C:\Users\Cam Laptop\AppData\Local\66DE6100-1427184519-81E1-3E9E-5404A639C413\pnss2E65.exe, Quarantined, [3e0da1aa52380e28737f51fccc3919e7],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\GoogleCrashHandler.exe, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\GoogleUpdate.exe, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\GoogleUpdateBroker.exe, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\GoogleUpdateHelper.msi, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\GoogleUpdateOnDemand.exe, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\goopdate.dll, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\goopdateres_en.dll, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\npGoogleUpdate4.dll, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\psmachine.dll, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.GlobalUpdate.A, C:\Users\Cam Laptop\AppData\Local\Temp\comh.265776\psuser.dll, Quarantined, [0a4181cab6d4072ffbaf0191d72c23dd],
    PUP.Optional.Shopperz.A, C:\Program Files\shopperz\krios64.dll, Quarantined, [67e493b8385266d0aad1555758ab7888],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  9. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    AdwCleaner log as requested:

    # AdwCleaner v4.200 - Logfile created 30/03/2015 at 10:01:11
    # Updated 29/03/2015 by Xplode
    # Database : 2015-03-29.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Cam Laptop - CAMLAPTOP-PC
    # Running from : C:\Users\Cam Laptop\Desktop\adwcleaner_4.200.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\2c26551400000e3f
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Users\CAMLAP~1\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\Cam Laptop\AppData\Local\globalUpdate
    File Deleted : C:\Users\Cam Laptop\Desktop\Continue Live Installation.lnk
    File Deleted : C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\4c6214ad-b193-187e-c79e-9caca1115cd6
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5350-00A7-7A786E7484D7}
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\TheBestDeals
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
    Key Deleted : [x64] HKLM\SOFTWARE\WebBar

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v


    -\\ Google Chrome v41.0.2272.101

    [C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : ", "hxxp://google.com.au/", "hxxp://www.mystartsearch.com/?type=hp&ts=1427144569&from=slbnew&uid=HitachiXHTS547575A9E384_J2540054HULR3EHULR3EX

    *************************

    AdwCleaner[R0].txt - [2516 bytes] - [30/03/2015 09:47:30]
    AdwCleaner[R1].txt - [2575 bytes] - [30/03/2015 09:56:09]
    AdwCleaner[S0].txt - [2407 bytes] - [30/03/2015 10:01:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2466 bytes] ##########
     
  10. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Junkware Removal Tool log as requested:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.7 (03.28.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Cam Laptop on Mon 30/03/2015 at 10:08:57.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Cam Laptop\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Cam Laptop\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\Cam Laptop\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Cam Laptop\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage-journal"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\flexnet"
    Successfully deleted: [Folder] "C:\Users\Cam Laptop\AppData\Roaming\flexnet"
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{0F48FA97-171A-4A7A-AB05-2F4CDD8127B5}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{168EF36D-E4BD-4858-8E3B-C53215D484C3}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{2951A56B-8FF1-4FE5-8D68-DBA587C6783C}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{5AD3BC16-AF01-4CB8-9AF3-D4CD4DF784A5}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{68A1C6C1-9B6C-4980-A3E3-905EFF5758B3}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{C1DE1DD2-9357-46A4-8121-366F8D48E797}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{E607A796-99CD-44DD-89FE-60AAC4F79947}
    Successfully deleted: [Empty Folder] C:\Users\Cam Laptop\appdata\local\{F4D08E75-84E4-4F33-B4ED-1F6F7D0F7BAF}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 30/03/2015 at 10:15:30.44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Combo Fix log as requested:

    ComboFix 15-03-29.01 - Cam Laptop 30/03/2015 12:09:52.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8103.6373 [GMT 11:00]
    Running from: c:\users\Cam Laptop\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Roaming
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-28 to 2015-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-30 01:21 . 2015-03-30 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-30 01:21 . 2015-03-30 01:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-03-29 22:47 . 2015-03-29 23:01 -------- d-----w- C:\AdwCleaner
    2015-03-29 21:47 . 2015-03-29 22:44 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-29 21:46 . 2015-03-29 21:46 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-03-29 21:46 . 2015-03-29 21:46 -------- d-----w- c:\programdata\Malwarebytes
    2015-03-29 21:46 . 2015-03-16 19:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-03-29 21:46 . 2015-03-16 19:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-03-29 21:46 . 2015-03-16 19:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-03-29 21:31 . 2015-03-29 21:31 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-29 21:31 . 2015-03-29 21:52 -------- d-----w- c:\programdata\RogueKiller
    2015-03-28 09:09 . 2015-03-28 09:49 -------- d-----w- C:\FRST
    2015-03-28 08:32 . 2015-03-28 08:32 -------- d-----w- c:\programdata\TomTom
    2015-03-28 08:31 . 2015-03-28 08:31 -------- d-----w- c:\users\Cam Laptop\AppData\Roaming\TomTom
    2015-03-28 08:31 . 2015-03-28 08:31 -------- d-----w- c:\users\Cam Laptop\AppData\Local\TomTom
    2015-03-28 08:31 . 2015-03-28 08:31 -------- d-----w- c:\program files (x86)\TomTom International B.V
    2015-03-28 08:31 . 2015-03-28 08:36 -------- d-----w- c:\program files (x86)\TomTom HOME 2
    2015-03-28 08:30 . 2015-03-28 08:30 -------- d-----w- c:\program files (x86)\TomTom DesktopSuite
    2015-03-22 02:43 . 2015-03-22 02:43 -------- d-----w- c:\users\Cam Laptop\AppData\Roaming\Publish Providers
    2015-03-22 02:27 . 2015-03-22 02:37 -------- d-----w- c:\users\Cam Laptop\AppData\Local\Sony
    2015-03-22 02:27 . 2015-03-22 02:27 -------- d-----w- c:\programdata\Sony
    2015-03-22 02:27 . 2015-03-22 02:27 -------- d-----w- c:\program files (x86)\Sony
    2015-03-22 02:26 . 2015-03-22 02:43 -------- d-----w- c:\users\Cam Laptop\AppData\Roaming\Sony
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-05 04:41 . 2014-08-29 04:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 04:41 . 2014-08-29 04:46 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-01-21 01:27 . 2014-10-14 22:22 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-01-11 04:46 . 2014-08-13 06:43 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2002-12-16 16:00 . 2002-12-16 16:00 82253 ----a-w- c:\program files (x86)\unins000.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-01 10:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-01 10:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-01 10:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2014-12-05 2242560]
    "GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-03-14 809288]
    "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-02-27 283232]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2014-12-18 248176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2014/07/10 23:25;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [x]
    R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
    R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RDID1149;GT-100 Ver2;c:\windows\system32\Drivers\rdwm1149.sys;c:\windows\SYSNATIVE\Drivers\rdwm1149.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
    S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_38F51D56
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-03-21 10:50 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-29 04:41]
    .
    2015-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13 07:36]
    .
    2015-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13 07:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-05-13 1387376]
    "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
    "SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [2011-05-11 197968]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mDefault_Page_URL = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-McDiags AutoLaunch - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-03-30 12:24:15
    ComboFix-quarantined-files.txt 2015-03-30 01:24
    .
    Pre-Run: 509,037,694,976 bytes free
    Post-Run: 512,250,650,624 bytes free
    .
    - - End Of File - - D612BCDA6756524A841CD260396773DB
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  14. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Cam Laptop (administrator) on CAMLAPTOP-PC on 31-03-2015 06:25:12
    Running from C:\Users\Cam Laptop\Desktop
    Loaded Profiles: UpdatusUser & Cam Laptop (Available profiles: UpdatusUser & Cam Laptop)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files\P4G\BatteryLife.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Angus Johnson) C:\Program Files (x86)\Internode\mum.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-20] (Logitech, Inc.)
    HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe [197968 2011-05-11] (Sunbelt Software)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
    HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [1353040 2011-05-11] (Sunbelt Software)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [InternodeUsage] => C:\Program Files (x86)\Internode\mum.exe [2242560 2014-12-05] (Angus Johnson)
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [InternodeUsage] => C:\Program Files (x86)\Internode\mum.exe [2242560 2014-12-05] (Angus Johnson)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
    AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-05-11] (NVIDIA Corporation)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    HKU\S-1-5-21-1043452877-789864633-615203981-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1000 -> {6BCDCE8D-9CAC-4AF5-9DB9-F7E57288A891} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1043452877-789864633-615203981-1001 -> {6BCDCE8D-9CAC-4AF5-9DB9-F7E57288A891} URL = https://www.google.com/search?q={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: Avira Browser Safety - C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\Extensions\abs@avira.com [2014-08-13]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-18]
     
  15. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR StartupUrls: Default -> "", "hxxp://google.com.au/", "hxxp://www.mystartsearch.com/?type=hp&ts=1427144569&from=slbnew&uid=HitachiXHTS547575A9E384_J2540054HULR3EHULR3EX"
    CHR Profile: C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
    CHR Extension: (Google Drive) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-05]
    CHR Extension: (YouTube) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
    CHR Extension: (Google Search) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
    CHR Extension: (Gmail™ Notifier) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2014-08-18]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
    CHR Extension: (Google Mail Checker) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-13]
    CHR Extension: (Google Wallet) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
    CHR Extension: (Gmail) - C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-13] (CyberLink)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2804280 2011-05-11] (Sunbelt Software)
    R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2011-05-11] (Sunbelt Software)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
    S3 RDID1149; C:\Windows\System32\Drivers\rdwm1149.sys [234112 2013-12-18] (Roland Corporation)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
    R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
    S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
    R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
    S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
    R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
    R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
    R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-30] ()
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-31 06:25 - 2015-03-31 06:27 - 00021965 _____ () C:\Users\Cam Laptop\Desktop\FRST.txt
    2015-03-30 17:17 - 2015-03-30 17:17 - 00048224 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e16.proper.hdtv.x264.killers.ettv.torrent
    2015-03-30 13:04 - 2015-03-30 13:05 - 00878128 _____ () C:\Windows\Minidump\033015-30810-01.dmp
    2015-03-30 12:24 - 2015-03-30 12:24 - 00021376 _____ () C:\ComboFix.txt
    2015-03-30 12:07 - 2015-03-30 12:24 - 00000000 ____D () C:\Qoobox
    2015-03-30 12:07 - 2015-03-30 12:24 - 00000000 ____D () C:\ComboFix
    2015-03-30 12:07 - 2011-06-26 17:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-30 12:07 - 2010-11-08 04:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-30 12:07 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-30 12:07 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-30 12:07 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-30 12:07 - 2000-08-31 11:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-30 12:07 - 2000-08-31 11:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-30 12:07 - 2000-08-31 11:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-30 12:06 - 2015-03-30 12:22 - 00000000 ____D () C:\Windows\erdnt
    2015-03-30 12:02 - 2015-03-30 12:02 - 05617067 ____R (Swearware) C:\Users\Cam Laptop\Desktop\ComboFix.exe
    2015-03-30 09:47 - 2015-03-30 10:01 - 00000000 ____D () C:\AdwCleaner
    2015-03-30 08:54 - 2015-03-30 08:54 - 01389240 _____ (Thisisu) C:\Users\Cam Laptop\Desktop\JRT.exe
    2015-03-30 08:53 - 2015-03-30 08:53 - 02208768 _____ () C:\Users\Cam Laptop\Desktop\adwcleaner_4.200.exe
    2015-03-30 08:47 - 2015-03-30 09:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-30 08:46 - 2015-03-30 08:46 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-30 08:46 - 2015-03-30 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-30 08:46 - 2015-03-30 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-30 08:46 - 2015-03-30 08:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-30 08:46 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-30 08:46 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-30 08:46 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-30 08:31 - 2015-03-30 08:52 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-30 08:31 - 2015-03-30 08:31 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-30 08:29 - 2015-03-30 08:30 - 16727128 _____ () C:\Users\Cam Laptop\Desktop\RogueKiller.exe
    2015-03-28 20:13 - 2015-03-28 20:13 - 00008370 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]kidnapping.mr.heineken.2015.720p.brrip.x264.yify.torrent
    2015-03-28 20:10 - 2015-03-28 20:10 - 00008111 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]let.us.prey.2014.720p.brrip.x264.yify.torrent
    2015-03-28 20:09 - 2015-03-31 06:25 - 00000000 ____D () C:\FRST
    2015-03-28 19:36 - 2015-03-28 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    2015-03-28 19:32 - 2015-03-28 19:32 - 00000000 ____D () C:\Users\Cam Laptop\Documents\TomTom
    2015-03-28 19:32 - 2015-03-28 19:32 - 00000000 ____D () C:\ProgramData\TomTom
    2015-03-28 19:31 - 2015-03-28 19:36 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
    2015-03-28 19:31 - 2015-03-28 19:31 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\TomTom
    2015-03-28 19:31 - 2015-03-28 19:31 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\TomTom
    2015-03-28 19:31 - 2015-03-28 19:31 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
    2015-03-28 19:30 - 2015-03-28 19:30 - 00000000 ____D () C:\Program Files (x86)\TomTom DesktopSuite
    2015-03-27 22:40 - 2015-03-27 22:40 - 02095616 _____ (Farbar) C:\Users\Cam Laptop\Desktop\FRST64.exe
    2015-03-27 18:28 - 2015-03-27 18:28 - 00057410 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]kill.me.three.times.2014.hdrip.xvid.etrg.torrent
    2015-03-27 18:27 - 2015-03-27 18:27 - 00107546 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]robot.overlords.2014.hdrip.xvid.ac3.evo.torrent
    2015-03-27 18:26 - 2015-03-27 18:26 - 00019704 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e17.hdtv.x264.killers.ettv.torrent
    2015-03-27 18:25 - 2015-03-27 18:25 - 00028280 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e06.hdtv.x264.killers.ettv.torrent
    2015-03-24 22:56 - 2015-03-24 22:56 - 00340816 _____ () C:\Users\Cam Laptop\Downloads\394365_intl_x64_zip.exe
    2015-03-24 21:08 - 2015-03-24 21:10 - 00874664 _____ () C:\Windows\Minidump\032415-91432-01.dmp
    2015-03-24 14:39 - 2015-03-24 14:39 - 00020217 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e08.hdtv.x264.lol.ettv.torrent
    2015-03-24 10:06 - 2015-03-24 10:06 - 00012464 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]moone.boy.s03e04.hdtv.x264.failed.ettv.torrent
    2015-03-23 22:06 - 2015-03-23 22:06 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-03-23 22:03 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2015-03-23 22:03 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2015-03-23 22:03 - 2014-05-12 20:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2015-03-23 22:03 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2015-03-23 22:03 - 2014-05-02 11:19 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
    2015-03-23 22:03 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2015-03-23 22:03 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2015-03-23 22:03 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2015-03-23 22:03 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2015-03-23 22:03 - 2014-04-23 17:51 - 02117424 _____ () C:\Windows\system32\SStudio.dll
    2015-03-23 22:03 - 2014-04-17 17:42 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2015-03-23 22:03 - 2014-04-17 17:42 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2015-03-23 22:03 - 2014-04-17 17:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2015-03-23 22:03 - 2014-04-10 12:20 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2015-03-23 22:03 - 2014-04-10 12:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2015-03-23 22:03 - 2014-04-10 12:19 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
    2015-03-23 22:03 - 2014-04-09 16:39 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
    2015-03-23 22:03 - 2014-04-09 16:38 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2015-03-23 22:03 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2015-03-23 22:03 - 2014-03-21 14:17 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2015-03-23 22:03 - 2014-03-19 19:19 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2015-03-23 22:03 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2015-03-23 22:03 - 2014-03-05 05:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
    2015-03-23 22:03 - 2014-03-05 05:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2015-03-23 22:03 - 2014-03-05 05:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2015-03-23 22:03 - 2014-03-05 05:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2015-03-23 22:03 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2015-03-23 22:03 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2015-03-23 22:03 - 2014-02-06 11:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
    2015-03-23 22:03 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
    2015-03-23 22:03 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2015-03-23 22:03 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2015-03-23 22:03 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2015-03-23 22:03 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2015-03-23 22:03 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2015-03-23 22:03 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2015-03-23 22:03 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2015-03-23 22:03 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2015-03-23 22:03 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2015-03-23 22:03 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
    2015-03-23 22:03 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
    2015-03-23 22:03 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
    2015-03-23 22:03 - 2013-06-21 11:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
    2015-03-23 22:03 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
    2015-03-23 22:03 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2015-03-23 22:03 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2015-03-23 22:03 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2015-03-23 22:03 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2015-03-23 22:03 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2015-03-23 22:03 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2015-03-23 22:03 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2015-03-23 22:03 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2015-03-23 22:03 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2015-03-23 22:03 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2015-03-23 22:03 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2015-03-23 22:03 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2015-03-23 22:03 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2015-03-23 22:03 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2015-03-23 20:11 - 2015-03-23 20:22 - 00000000 ____D () C:\Users\Cam Laptop\Documents\MiniDisc clips
    2015-03-23 16:55 - 2015-03-23 17:02 - 00073592 _____ () C:\Users\Cam Laptop\Desktop\04 - Be Good Johnny.mp3.sfk
    2015-03-23 16:49 - 2015-03-23 16:49 - 00093464 _____ () C:\Users\Cam Laptop\Desktop\03 - It's a Mistake.mp3.sfk
    2015-03-23 15:42 - 2015-03-23 15:42 - 00034171 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e15.proper.hdtv.x264.batv.ettv.torrent
    2015-03-23 15:41 - 2015-03-23 15:41 - 00115623 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]seventh.son.2015.cropped.hdrip.xvid.j****.etrg.torrent
    2015-03-22 15:50 - 2015-03-30 17:27 - 00004994 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CamLaptop-PC-Cam Laptop CamLaptop-PC
    2015-03-22 13:43 - 2015-03-22 13:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Publish Providers
    2015-03-22 13:27 - 2015-03-22 13:37 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\Sony
    2015-03-22 13:27 - 2015-03-22 13:27 - 00000000 ____D () C:\ProgramData\Sony
    2015-03-22 13:27 - 2015-03-22 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-03-22 13:27 - 2015-03-22 13:27 - 00000000 ____D () C:\Program Files (x86)\Sony
    2015-03-22 13:26 - 2015-03-22 13:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Sony
    2015-03-22 13:16 - 2015-03-22 13:16 - 00015594 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]sony.sound.forge.pro.11.0.build.234.patch.keygen.di.chingliu.torrent
    2015-03-21 16:04 - 2015-03-21 16:04 - 00008304 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]paddington.2014.720p.brrip.x264.yify.torrent
    2015-03-21 16:03 - 2015-03-31 06:24 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-03-20 17:45 - 2015-03-20 17:45 - 00028781 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e16.hdtv.xvid.fum.ettv.torrent
    2015-03-20 17:40 - 2015-03-20 17:40 - 00016546 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.vampire.diaries.s06e17.hdtv.x264.lol.ettv.torrent
    2015-03-20 17:39 - 2015-03-20 17:39 - 00029160 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e05.hdtv.x264.killers.ettv.torrent
    2015-03-20 12:30 - 2015-03-20 12:30 - 00002037 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]james.e.l.fifty.shades.trilogy.bundle.fifty.shades.of.grey.fifty.shades.darker.fifty.shades.freed.epub.torrent
    2015-03-20 12:29 - 2015-03-20 12:29 - 00002156 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]fifty.shades.trilogy.02.darker.fifty.e.l.james.mobi.torrent
    2015-03-19 19:42 - 2015-03-19 19:42 - 00121993 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.water.diviner.2014.brrip.xvid.ac3.evo.torrent
    2015-03-17 19:04 - 2015-03-17 19:04 - 00017795 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e07.hdtv.x264.lol.ettv.torrent
    2015-03-17 10:58 - 2015-03-17 10:58 - 00012656 _____ () C:\Users\Cam Laptop\Downloads\MONOVA.ORG Johnny_Diesel_&_The_Injectors.torrent
    2015-03-17 10:55 - 2015-03-17 10:55 - 00012521 _____ () C:\Users\Cam Laptop\Downloads\Johnny_Diesel_&amp;_The_Injectors.torrent
    2015-03-17 10:54 - 2015-03-17 10:54 - 00012654 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]johnny.diesel.the.injectors.torrent
    2015-03-17 09:56 - 2015-03-17 09:56 - 00013548 _____ () C:\Users\Cam Laptop\Downloads\406377AFA17CE3F58C00FF1703204DCA5B569A65.torrent
    2015-03-17 09:54 - 2015-03-17 09:54 - 00020104 _____ () C:\Users\Cam Laptop\Downloads\Hunters_and_Collectors_-_Natural_Selection_2003_EAC_FLAC (1).torrent
    2015-03-17 09:53 - 2015-03-17 09:53 - 00020021 _____ () C:\Users\Cam Laptop\Downloads\Hunters.and.Collectors.-.Natural.Selection.2003.EAC.FLAC.torrent
    2015-03-17 09:52 - 2015-03-17 09:52 - 00020104 _____ () C:\Users\Cam Laptop\Downloads\Hunters_and_Collectors_-_Natural_Selection_2003_EAC_FLAC.torrent
    2015-03-17 09:51 - 2015-03-17 09:51 - 00020021 _____ () C:\Users\Cam Laptop\Downloads\Hunters+and+Collectors+-+Natural+Selection+2003+EAC+FLAC.torrent
    2015-03-17 09:31 - 2015-03-17 09:31 - 00020104 _____ () C:\Users\Cam Laptop\Downloads\[katproxy.com]hunters.and.collectors.natural.selection.2003.eac.flac.torrent
    2015-03-17 09:31 - 2015-03-17 09:31 - 00013521 _____ () C:\Users\Cam Laptop\Downloads\[katproxy.com]hunters.and.collectors.greatest.hits.live.2011.torrent
    2015-03-16 19:45 - 2015-03-16 19:45 - 00019256 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.wolf.of.wall.street.2013.480p.brrip.x264.stylishsalh.stylish.release.torrent
    2015-03-16 15:51 - 2015-03-16 15:51 - 00028254 _____ () C:\Users\Cam Laptop\Downloads\download.htm
    2015-03-16 14:19 - 2015-03-16 14:19 - 00177547 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]of.horses.and.men.2013.bdrip.720p.hc.eng.sub.aac.mp4.legi0n.torrent
    2015-03-16 13:36 - 2015-03-16 13:36 - 00033146 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e14.hdtv.x264.killers.ettv.torrent
    2015-03-15 18:58 - 2015-03-15 18:58 - 00115079 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]focus.2015.hc.hdrip.xvid.ac3.j****.etrg.torrent
    2015-03-15 18:50 - 2015-03-15 18:50 - 00006261 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]e.l.james.01.fifty.shades.of.grey.pdf.mobi.epub.torrent
    2015-03-15 11:09 - 2015-03-15 11:09 - 00011262 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monsters.dark.continent.2014.web.dl.x264.rarbg.torrent
    2015-03-15 11:08 - 2015-03-15 11:08 - 00042029 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monsters.dark.continent.2014.1080p.web.dl.dd5.1.h264.fgt.torrent
    2015-03-15 11:06 - 2015-03-15 11:06 - 00012290 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monsters.2010.720p.brrip.xvid.ac3.akademik.torrent
    2015-03-14 16:41 - 2015-03-14 16:41 - 00057864 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]cymbeline.2014.hdrip.xvid.j****.etrg.torrent
    2015-03-13 18:41 - 2015-03-13 18:41 - 00025381 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e04.hdtv.x264.killers.ettv.torrent
    2015-03-13 18:41 - 2015-03-13 18:41 - 00020687 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e15.hdtv.x264.lol.ettv.torrent
    2015-03-13 18:41 - 2015-03-13 18:41 - 00019586 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.vampire.diaries.s06e16.hdtv.x264.lol.ettv.torrent
    2015-03-13 18:40 - 2015-03-13 18:40 - 00111749 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]monster.high.haunted.2015.hdrip.xvid.ac3.evo.torrent
    2015-03-12 17:36 - 2015-03-12 17:36 - 00008900 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]top.five.2014.720p.brrip.x264.yify.torrent
    2015-03-12 17:35 - 2015-03-12 17:35 - 00122202 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]fifty.shades.of.grey.2015.uncut.hc.hdrip.x264.ac3.titan.torrent
    2015-03-11 17:16 - 2015-03-11 17:16 - 00013961 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]moone.boy.s03e01.hdtv.x264.failed.ettv.torrent
    2015-03-11 17:15 - 2015-03-11 17:15 - 00006255 _____ () C:\Users\Cam Laptop\Downloads\563C4679A75AD2A963644B3A153F81D61FA92CBD.torrent
    2015-03-10 19:45 - 2015-03-10 19:45 - 00010728 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]exodus.gods.and.kings.2014.720p.brrip.x264.yify.torrent
    2015-03-10 19:43 - 2015-03-10 19:43 - 00016178 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e06.hdtv.x264.lol.ettv.torrent
    2015-03-09 18:43 - 2015-03-09 18:43 - 00007780 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]barefoot.2014.720p.brrip.x264.yify.torrent
    2015-03-09 18:41 - 2015-03-09 18:41 - 00036187 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e13.hdtv.x264.killers.ettv.torrent
    2015-03-08 19:36 - 2015-03-08 19:36 - 00020518 _____ () C:\Users\Cam Laptop\Downloads\Steel.Magnolias.1989.1080p.BluRay.x264.anoXmous.torrent
    2015-03-08 19:36 - 2015-03-08 19:36 - 00020518 _____ () C:\Users\Cam Laptop\Downloads\Steel.Magnolias.1989.1080p.BluRay.x264.anoXmous (1).torrent
    2015-03-08 19:28 - 2015-03-08 19:29 - 00874064 _____ () C:\Windows\Minidump\030815-27752-01.dmp
    2015-03-07 19:35 - 2015-03-07 19:36 - 00057435 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]steel.magnolias.2012.dvdrip.xvid.vh.prod.torrent
    2015-03-07 19:35 - 2015-03-07 19:35 - 00095405 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]steel.magnolias.2012.dvdrip.ac3.xvid.cm8.torrent
    2015-03-07 19:35 - 2015-03-07 19:35 - 00011347 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]beaches.1988.720p.brrip.1gb.mkvcage.torrent
    2015-03-06 20:00 - 2015-03-06 20:00 - 00027800 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e02.hdtv.x264.killers.ettv.torrent
    2015-03-06 16:53 - 2015-03-06 16:53 - 00008813 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]greys.anatomy.s11e14.hdtv.x264.lol.eztv.torrent
    2015-03-06 16:52 - 2015-03-06 16:52 - 00027483 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]vikings.s03e03.hdtv.x264.2hd.ettv.torrent
    2015-03-06 09:20 - 2015-03-06 09:20 - 00008329 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]71.2014.720p.brrip.x264.yify.torrent
    2015-03-05 18:15 - 2015-03-05 18:15 - 00058103 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.pyramid.2014.hdrip.xvid.j****.etrg.torrent
    2015-03-05 12:54 - 2015-03-05 12:54 - 00020525 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.4of6.canyons.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 12:54 - 2015-03-05 12:54 - 00020157 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.5of6.mountains.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 12:53 - 2015-03-05 12:53 - 00020309 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.3of6.desert.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 12:13 - 2015-03-05 12:13 - 00020467 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]bear.grylls.escape.from.hell.series.1.2of6.snow.720p.x264.hdtv.mvgroup.org.torrent
    2015-03-05 07:54 - 2015-03-05 07:54 - 00053566 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]exodus.gods.and.kings.2014.1080p.web.dl.dd5.1.h264.rarbg.torrent
    2015-03-03 17:58 - 2015-03-03 17:58 - 00010196 _____ () C:\Users\Cam Laptop\Downloads\0ACC69C38CCF186E55CDE118BE422F3BF7C0290C.torrent
    2015-03-03 17:55 - 2015-03-03 17:55 - 00017857 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e05.hdtv.x264.lol.ettv.torrent
    2015-03-03 17:55 - 2015-03-03 17:55 - 00017857 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]better.call.saul.s01e05.hdtv.x264.lol.ettv (1).torrent
    2015-03-02 17:55 - 2015-03-02 17:55 - 00037333 _____ () C:\Users\Cam Laptop\Downloads\[kickass.to]the.walking.dead.s05e12.hdtv.x264.killers.ettv.torrent

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-31 06:25 - 2009-07-14 16:13 - 00796678 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-31 06:24 - 2014-07-11 16:58 - 01728050 _____ () C:\Windows\WindowsUpdate.log
    2015-03-31 06:23 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-31 06:20 - 2014-08-21 12:04 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\HTC MediaHub
    2015-03-31 06:20 - 2014-08-13 18:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-31 06:19 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-31 06:18 - 2009-07-14 15:51 - 00110735 _____ () C:\Windows\setupact.log
    2015-03-30 19:12 - 2009-07-14 15:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-30 19:12 - 2009-07-14 15:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-30 18:53 - 2009-07-14 15:45 - 00371576 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-30 18:18 - 2014-09-05 18:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\uTorrent
    2015-03-30 17:47 - 2014-08-13 18:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-30 17:41 - 2014-08-29 15:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-30 17:17 - 2014-08-13 19:45 - 00000000 ____D () C:\Users\Cam Laptop\Documents\BitLord
    2015-03-30 13:04 - 2014-08-25 21:59 - 774855153 _____ () C:\Windows\MEMORY.DMP
    2015-03-30 13:04 - 2014-08-25 21:59 - 00000000 ____D () C:\Windows\Minidump
    2015-03-30 13:04 - 2011-04-02 15:17 - 00456224 _____ () C:\Windows\PFRO.log
    2015-03-30 12:24 - 2009-07-14 14:20 - 00000000 __RHD () C:\Users\Default
    2015-03-30 12:21 - 2009-07-14 13:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-30 09:41 - 2014-07-11 17:20 - 00001632 _____ () C:\Windows\system32\ServiceFilter.ini
    2015-03-30 09:39 - 2011-04-02 15:45 - 00000000 ____D () C:\Windows\en
    2015-03-30 08:25 - 2014-07-11 17:20 - 00002538 _____ () C:\Windows\system32\AutoRunFilter.ini
    2015-03-28 19:33 - 2014-08-21 12:01 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\Downloaded Installations
    2015-03-28 19:31 - 2014-08-13 19:53 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Mozilla
    2015-03-24 22:57 - 2014-08-13 17:43 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Local\VirtualStore
    2015-03-24 08:21 - 2014-08-13 18:37 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-24 08:11 - 2015-02-23 16:35 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
    2015-03-23 22:06 - 2014-07-11 17:08 - 00000000 ___HD () C:\Program Files (x86)\Temp
    2015-03-23 22:05 - 2014-07-11 17:08 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2015-03-22 13:20 - 2014-08-13 18:34 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\Adobe
    2015-03-21 21:53 - 2014-08-13 21:17 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\vlc
    2015-03-08 11:24 - 2014-08-13 19:45 - 00000000 ____D () C:\Users\Cam Laptop\AppData\Roaming\BitLord

    ==================== Files in the root of some directories =======

    2015-02-21 16:20 - 2015-02-21 16:20 - 0002349 _____ () C:\Program Files (x86)\unins000.dat
    2002-12-17 03:00 - 2002-12-17 03:00 - 0082253 _____ (Jordan Russell) C:\Program Files (x86)\unins000.exe
    2014-08-13 19:45 - 2015-03-08 11:24 - 0000000 _____ () C:\Users\Cam Laptop\AppData\Roaming\bitlord_log.txt
    2014-08-13 20:32 - 2014-08-13 20:32 - 0004608 _____ () C:\Users\Cam Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-04 21:59 - 2014-09-04 21:59 - 0000218 _____ () C:\Users\Cam Laptop\AppData\Local\recently-used.xbel
    2015-01-10 22:53 - 2015-01-10 22:53 - 0000000 _____ () C:\Users\Cam Laptop\AppData\Local\{F3F17653-322B-4B59-8ADC-327A0EFC1C5A}
    2015-03-23 22:06 - 2015-03-23 22:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-07-11 17:25 - 2014-07-11 17:26 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-07-11 17:25 - 2014-07-11 17:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-25 12:49

    ==================== End Of Log ============================
     
  16. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Cam Laptop at 2015-03-31 06:30:02
    Running from C:\Users\Cam Laptop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Sunbelt VIPRE (Enabled - Out of date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Sunbelt VIPRE (Enabled - Out of date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    FW: Sunbelt VIPRE (Enabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1043452877-789864633-615203981-1000\...\uTorrent) (Version: 3.4.2.38758 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-1043452877-789864633-615203981-1001\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
    ASUS K3 Series ScreenSaver (HKLM-x32\...\ASUS K3 Series ScreenSaver) (Version: 1.0.0002 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
    BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-255 - House of Life)
    BOSS TONE STUDIO for GT (HKLM-x32\...\BOSS-TONE-STUDIO-for-GT) (Version: 1.0.3 - Roland Corporation)
    BOSS TONE STUDIO for GT (x32 Version: 1.0.3 - Roland Corporation) Hidden
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
    Epson Event Manager (HKLM-x32\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
    Epson Network Guide WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version: - )
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Epson User's Guide WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version: - )
    EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GT-100 Librarian (HKLM-x32\...\InstallShield_{03F9C50A-C775-4793-B332-4B68374F706C}) (Version: 1.01.1010 - BOSS Corporation)
    GT-100 Librarian (x32 Version: 1.01.1010 - BOSS Corporation) Hidden
    GT-100 Ver2 Driver (HKLM\...\RolandRDID0149) (Version: - Roland Corporation)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
    HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
    Internode Monthly Usage Meter 8.5.2 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
    NVIDIA Graphics Driver 268.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.56 - NVIDIA Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
    rgc:audio Triangle II (HKLM-x32\...\rgc:audio Triangle II Monophonic Synthesizer_is1) (Version: - )
    Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Sound Forge Pro 11.0 (HKLM-x32\...\{A376BDE2-EE3D-11E2-AA13-F04DA23A5C58}) (Version: 11.0.234 - Sony)
    Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
    syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
    System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    VIPRE Antivirus Premium (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 4.0.4194 - Sunbelt Software)
    VIPRE Antivirus Premium (x32 Version: 4.0.4194 - Sunbelt Software) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
    用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    23-03-2015 21:35:32 Scheduled Checkpoint
    28-03-2015 19:34:19 Installed TomTom HOME.
    30-03-2015 12:07:21 ComboFix created restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:34 - 2015-03-30 12:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0A493A09-8F16-4A0C-AD5C-BCB26334A4E8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CamLaptop-PC-Cam Laptop CamLaptop-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {60444620-6C26-4C13-BFC2-3B33B258416B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {633F46F6-D09F-4915-8AE7-4C60E0ADD0C9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {63F961EE-38D5-4569-ABC7-3DCAE4545279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {659744FE-CFED-4F9C-A328-0E4B8CF849B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
    Task: {79EA60F2-6168-4B57-9363-34DCAC7655C2} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-16] (ASUS)
    Task: {81A162C4-AF04-4FA4-9FEA-729338D41B2B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-31] ()
    Task: {8D899A07-9A1F-46E1-BE38-925C6911E2EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {A234A5E0-7DBD-4D20-BC35-751FB076E4FA} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
    Task: {D98DE736-A3B9-4DC6-A1B1-BB60A15CE812} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {E7956F4C-9E78-4A4E-90CE-61859E64FAF3} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
    Task: {EA453F75-C6CB-48B7-8857-70FD857006BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
    Task: {EF03BCAE-EF92-4E75-BBCE-61377A0CE07E} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
    Task: {F6EB24F2-2F5A-4DF2-8BD6-4409B3A3E788} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-03] (ASUS)
    Task: {FEA63454-D28B-4B0F-B33F-0C126C3822E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-10-06 21:51 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
    2010-07-15 10:11 - 2010-07-15 10:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
    2010-04-03 13:21 - 2008-10-01 17:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2014-08-06 14:42 - 2014-08-06 14:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2011-07-07 17:12 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-09-24 10:53 - 2010-09-24 10:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2014-08-06 14:40 - 2014-08-06 14:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
    2014-08-06 14:41 - 2014-08-06 14:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
    2014-08-06 14:41 - 2014-08-06 14:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
    2014-08-06 14:41 - 2014-08-06 14:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-08-06 14:42 - 2014-08-06 14:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-08-06 14:44 - 2014-08-06 14:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
    2014-08-06 14:46 - 2014-08-06 14:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
    2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
    2011-01-19 07:21 - 2011-01-19 07:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
    2009-07-14 08:03 - 2009-07-14 12:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2011-01-19 12:20 - 2011-01-19 12:20 - 00308560 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Vipre.dll
    2014-08-21 10:38 - 2015-02-27 18:05 - 00192376 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libBase64.dll
    2014-08-21 10:38 - 2015-02-27 18:05 - 00180088 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll
    2005-12-22 18:28 - 2005-12-22 18:28 - 00160768 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\unrar.dll
    2009-11-03 08:20 - 2009-11-03 08:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2009-11-03 08:23 - 2009-11-03 08:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
    2015-03-21 21:50 - 2015-03-14 21:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1043452877-789864633-615203981-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cam Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_48E3BD7109F03F0636B1DE020A82339F => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1043452877-789864633-615203981-500 - Administrator - Disabled)
    Cam Laptop (S-1-5-21-1043452877-789864633-615203981-1001 - Administrator - Enabled) => C:\Users\Cam Laptop
    Guest (S-1-5-21-1043452877-789864633-615203981-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1043452877-789864633-615203981-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/30/2015 05:15:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
    Faulting module name: IWMSSvc.dll, version: 16.10.0.0, time stamp: 0x52cda706
    Exception code: 0xc0000005
    Fault offset: 0x000000000014c2a2
    Faulting process id: 0x5c4
    Faulting application start time: 0xWLANExt.exe0
    Faulting application path: WLANExt.exe1
    Faulting module path: WLANExt.exe2
    Report Id: WLANExt.exe3


    System errors:
    =============
    Error: (03/30/2015 05:15:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (03/30/2015 05:15:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.

    Error: (03/30/2015 01:05:37 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x0000009f (0x0000000000000003, 0xfffffa8008a86060, 0xfffff80000b9c3d8, 0xfffff98042da6d30)C:\Windows\MEMORY.DMP033015-30810-01

    Error: (03/30/2015 01:05:02 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:52:26 PM on ‎30/‎03/‎2015 was unexpected.

    Error: (03/30/2015 00:21:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (03/30/2015 00:20:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (03/30/2015 00:15:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (03/30/2015 00:02:10 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (03/30/2015 05:15:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WLANExt.exe6.1.7600.163854a5bcc33IWMSSvc.dll16.10.0.052cda706c0000005000000000014c2a25c401d06a8df3e89a78C:\Windows\system32\WLANExt.exeC:\Windows\System32\IWMSSvc.dll1a7400c9-d6a4-11e4-9bff-5404a639c413


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-30 12:20:13.071
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-30 12:20:12.822
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
    Percentage of memory in use: 24%
    Total physical RAM: 8102.7 MB
    Available physical RAM: 6138.5 MB
    Total Pagefile: 16205.39 MB
    Available Pagefile: 13893.34 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:673.63 GB) (Free:476.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 496B9619)
    Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
    Partition 2: (Active) - (Size=673.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  18. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Cam Laptop at 2015-03-31 11:55:50 Run:1
    Running from C:\Users\Cam Laptop\Desktop
    Loaded Profiles: UpdatusUser & Cam Laptop (Available profiles: UpdatusUser & Cam Laptop)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1043452877-789864633-615203981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    CHR StartupUrls: Default -> "", "hxxp://google.com.au/", "hxxp://www.mystartsearch.com/?type=hp&ts=1427144569&from=slbnew&uid=HitachiXHTS547575A9E384_J2540054HULR3EHULR3EX"
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2015-02-21 16:20 - 2015-02-21 16:20 - 0002349 _____ () C:\Program Files (x86)\unins000.dat
    2002-12-17 03:00 - 2002-12-17 03:00 - 0082253 _____ (Jordan Russell) C:\Program Files (x86)\unins000.exe
    2014-08-13 19:45 - 2015-03-08 11:24 - 0000000 _____ () C:\Users\Cam Laptop\AppData\Roaming\bitlord_log.txt
    2014-08-13 20:32 - 2014-08-13 20:32 - 0004608 _____ () C:\Users\Cam Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-04 21:59 - 2014-09-04 21:59 - 0000218 _____ () C:\Users\Cam Laptop\AppData\Local\recently-used.xbel
    2015-01-10 22:53 - 2015-01-10 22:53 - 0000000 _____ () C:\Users\Cam Laptop\AppData\Local\{F3F17653-322B-4B59-8ADC-327A0EFC1C5A}
    2015-03-23 22:06 - 2015-03-23 22:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-07-11 17:25 - 2014-07-11 17:26 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-07-11 17:25 - 2014-07-11 17:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    FF Extension: Avira Browser Safety - C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\Extensions\abs@avira.com [2014-08-13]
    C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\Extensions\abs@avira.com

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-1043452877-789864633-615203981-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    Chrome StartupUrls deleted successfully.
    catchme => Service deleted successfully.
    C:\Program Files (x86)\unins000.dat => Moved successfully.
    C:\Program Files (x86)\unins000.exe => Moved successfully.
    C:\Users\Cam Laptop\AppData\Roaming\bitlord_log.txt => Moved successfully.
    C:\Users\Cam Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\Cam Laptop\AppData\Local\recently-used.xbel => Moved successfully.
    C:\Users\Cam Laptop\AppData\Local\{F3F17653-322B-4B59-8ADC-327A0EFC1C5A} => Moved successfully.
    C:\ProgramData\DP45977C.lfl => Moved successfully.
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => Moved successfully.
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => Moved successfully.
    C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\Extensions\abs@avira.com => Moved successfully.
    "C:\Users\Cam Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\wcmgAloW.default\Extensions\abs@avira.com" => File/Directory not found.

    ==== End of Fixlog 11:55:53 ====
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Results of screen317's Security Check version 0.99.99
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Sunbelt VIPRE
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 31
    Java version 32-bit out of Date!
    Adobe Flash Player 16.0.0.305 Flash Player out of Date!
    Adobe Reader XI
    Google Chrome (41.0.2272.101)
    Google Chrome (41.0.2272.89)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  21. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Farbar Service Scanner Version: 17-01-2015
    Ran by Cam Laptop (administrator) on 31-03-2015 at 12:36:22
    Running from "C:\Users\Cam Laptop\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  22. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    I'm waiting on the last scan. It's taking AGES
     
  23. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    Here is is:

    2015-03-31 01:51:22.033 Sophos Virus Removal Tool version 2.5.4
    2015-03-31 01:51:22.033 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-03-31 01:51:22.033 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-03-31 01:51:22.033 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-03-31 01:51:22.033 Checking for updates...
    2015-03-31 01:51:25.034 Update progress: proxy server not available
    2015-03-31 01:51:55.851 Option all = no
    2015-03-31 01:51:55.851 Option recurse = yes
    2015-03-31 01:51:55.851 Option archive = no
    2015-03-31 01:51:55.851 Option service = yes
    2015-03-31 01:51:55.851 Option confirm = yes
    2015-03-31 01:51:55.851 Option sxl = yes
    2015-03-31 01:51:55.852 Option max-data-age = 35
    2015-03-31 01:51:55.852 Option EnableSafeClean = yes
    2015-03-31 01:51:57.288 Option vdl-logging = yes
    2015-03-31 01:51:57.312 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-03-31 01:51:57.312 Machine ID: 63fc0367cd194020941a62e2c4f0bfd6
    2015-03-31 01:51:57.317 Component SVRTcli.exe version 2.5.4
    2015-03-31 01:51:57.318 Component control.dll version 2.5.4
    2015-03-31 01:51:57.320 Component SVRTservice.exe version 2.5.4
    2015-03-31 01:51:57.322 Component engine\osdp.dll version 1.44.1.2183
    2015-03-31 01:51:57.323 Component engine\veex.dll version 3.58.3.2183
    2015-03-31 01:51:57.325 Component engine\savi.dll version 8.1.5.2183
    2015-03-31 01:51:57.336 Component rkdisk.dll version 1.5.30.0
    2015-03-31 01:51:57.336 Version info: Product version 2.5.4
    2015-03-31 01:51:57.337 Version info: Detection engine 3.58.3
    2015-03-31 01:51:57.337 Version info: Detection data 5.11
    2015-03-31 01:51:57.337 Version info: Build date 3/02/2015
    2015-03-31 01:51:57.337 Version info: Data files added 497
    2015-03-31 01:51:57.337 Version info: Last successful update (not yet updated)
    2015-03-31 01:52:17.212 Downloading updates...
    2015-03-31 01:52:17.214 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-03-31 01:52:17.214 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-03-31 01:52:17.214 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-03-31 01:52:17.214 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-03-31 01:52:17.214 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-03-31 01:52:17.214 Update progress: [I49502] Found supplement IDE515 LATEST
    2015-03-31 01:52:17.214 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-03-31 01:52:17.214 Update progress: [I19463] Syncing product SAVIW32 51
    2015-03-31 01:52:34.866 Update progress: [I19463] Syncing product IDE512 166
    2015-03-31 01:52:47.903 Installing updates...
    2015-03-31 01:52:48.510 Error level 1
    2015-03-31 01:52:48.774 Update progress: [I19463] Syncing product IDE513 171
    2015-03-31 01:52:48.774 Update progress: [I19463] Syncing product IDE514 161
    2015-03-31 01:52:48.774 Update progress: [I19463] Syncing product IDE515 5
    2015-03-31 01:53:31.610 Update successful
    2015-03-31 01:54:11.495 Option all = no
    2015-03-31 01:54:11.496 Option recurse = yes
    2015-03-31 01:54:11.496 Option archive = no
    2015-03-31 01:54:11.496 Option service = yes
    2015-03-31 01:54:11.496 Option confirm = yes
    2015-03-31 01:54:11.496 Option sxl = yes
    2015-03-31 01:54:11.497 Option max-data-age = 35
    2015-03-31 01:54:11.497 Option EnableSafeClean = yes
    2015-03-31 01:54:11.750 Option vdl-logging = yes
    2015-03-31 01:54:11.770 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-03-31 01:54:11.770 Machine ID: 63fc0367cd194020941a62e2c4f0bfd6
    2015-03-31 01:54:11.776 Component SVRTcli.exe version 2.5.4
    2015-03-31 01:54:11.778 Component control.dll version 2.5.4
    2015-03-31 01:54:11.780 Component SVRTservice.exe version 2.5.4
    2015-03-31 01:54:11.782 Component engine\osdp.dll version 1.44.1.2183
    2015-03-31 01:54:11.784 Component engine\veex.dll version 3.58.3.2183
    2015-03-31 01:54:11.785 Component engine\savi.dll version 8.1.5.2183
    2015-03-31 01:54:11.797 Component rkdisk.dll version 1.5.30.0
    2015-03-31 01:54:11.797 Version info: Product version 2.5.4
    2015-03-31 01:54:11.798 Version info: Detection engine 3.58.3
    2015-03-31 01:54:11.798 Version info: Detection data 5.11G
    2015-03-31 01:54:11.798 Version info: Build date 3/02/2015
    2015-03-31 01:54:11.798 Version info: Data files added 496
    2015-03-31 01:54:11.798 Version info: Last successful update 31/03/2015 12:53:31 PM

    2015-03-31 02:46:57.021 Could not open C:\Boot\BCD
    2015-03-31 02:52:28.388 Could not open C:\pagefile.sys
    2015-03-31 03:19:29.413 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-31 03:19:29.436 Could not open C:\System Volume Information\{4b427e08-d13b-11e4-9c8f-5404a639c413}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-31 03:19:29.436 Could not open C:\System Volume Information\{a6fee048-d667-11e4-af29-5404a639c413}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-31 03:19:29.436 Could not open C:\System Volume Information\{cc0ccadb-d746-11e4-994d-5404a639c413}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-31 03:19:29.436 Could not open C:\System Volume Information\{fc699a0d-d520-11e4-8fc2-5404a639c413}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-31 03:19:47.900 Could not open C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-03-31 03:19:47.951 Could not open C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2015-03-31 03:19:48.487 Could not check C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-03-31 03:19:48.631 Could not check C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-03-31 03:20:01.331 Could not check C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-03-31 03:20:18.817 Could not check C:\Users\Cam Laptop\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-03-31 03:23:07.818 >>> Virus 'Mal/KeyGen-V' found in file C:\Users\Cam Laptop\Documents\BitLord\SONY Sound Forge Pro 11.0 build 234 (patch-keygen DI) [ChingLiu]\DI v2.3 Keygen and Patch\Keygen.exe
    2015-03-31 03:23:07.819 >>> Virus 'Mal/KeyGen-V' found in file HKU\S-1-5-21-1043452877-789864633-615203981-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-31 03:23:07.819 >>> Virus 'Mal/KeyGen-V' found in file HKU\S-1-5-21-1043452877-789864633-615203981-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-31 03:23:07.820 >>> Virus 'Mal/KeyGen-V' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-31 03:34:58.674 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-03-31 03:34:58.690 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-03-31 05:46:00.407 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-03-31 05:46:00.407 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-03-31 05:46:00.408 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-03-31 05:46:00.408 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-03-31 05:46:00.408 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-03-31 06:28:51.063 The following items will be cleaned up:
    2015-03-31 06:28:51.085 Mal/KeyGen-V
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    ======================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  25. stratagem72

    stratagem72 TS Rookie Topic Starter Posts: 26

    I've done those last few things. Where it says this:

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately

    Where would it have told me this, and what was the problem(s) that I had?

    Thanks so much for your help. (y)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...