TechSpot

Multiple instances of internet explorer keep running

By cossie96
Mar 12, 2015
  1. This seems to be a common problem around here, I keep getting 3 to 5 instances of internet explorer in my task manager keep popping up. After I end task they reappear at random times. Ran some malware scans to try and get rid but couldnt and ended up here from Google!

    Here are the FRST logs:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Lee (administrator) on LEE-PC on 13-03-2015 00:04:38
    Running from C:\Users\Lee\Desktop
    Loaded Profiles: Lee (Available profiles: Lee & LogMeInRemoteUser & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
    (Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    (Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeter.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Akamai Technologies, Inc.) C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    (Akamai Technologies, Inc.) C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Azureus Software, Inc) C:\Program Files\Vuze - Copy\Azureus.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    (Farbar) C:\Users\Lee\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-04] (COMODO)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-02-01] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-10] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [1832448 2009-03-13] (Hagel Technologies Ltd.)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-06-11] (Siber Systems)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2015-01-03] (Alcohol Soft Development Team)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\MountPoints2: {2f4c22e2-f37a-11e3-b0e5-94de80647f9f} - "O:\WD SmartWare.exe" autoplay=true
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
    ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    BootExecute: sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-2617431701-2952813283-2152824867-1000] => Internet Explorer proxy is enabled.
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
    SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2009-03-13] (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2009-03-13] (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2009-03-13] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2009-03-13] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2009-03-13] (Siber Systems Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{7258CE01-B786-4EA8-B17F-96D63D4FD556}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021
    FF DefaultSearchEngine: Google UK
    FF Homepage: hxxp://news.sky.com/
    FF NetworkProxy: "no_proxies_on", ""
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-09] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-06] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @sview.ru/sView -> C:\Program Files\sView\amd64\npStBrowserPlugin.dll [2014-03-01] ()
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-09] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-06] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
    FF Plugin-x32: @sview.ru/sView -> C:\Program Files\sView\npStBrowserPlugin.dll [2014-03-01] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2617431701-2952813283-2152824867-1000: @hola.org/vlc,version=1.6.256 -> C:\Users\Lee\AppData\Local\Hola\firefox\app\vlc No File
    FF Plugin HKU\S-1-5-21-2617431701-2952813283-2152824867-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
    FF SearchPlugin: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\searchplugins\d568b61e-ff95-47ff-89aa-3551e83792fb.xml [2014-12-07]
    FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\elemhidehelper@adblockplus.org.xpi [2014-09-04]
    FF Extension: Ghostery - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\firefox@ghostery.com.xpi [2014-09-04]
    FF Extension: The Camelizer - Price Tracker - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\izer@camelcamelcamel.com.xpi [2014-09-12]
    FF Extension: Google Translator for Firefox - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\translator@zoli.bod.xpi [2014-10-07]
    FF Extension: Adblock Plus Filter Uploader - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\uploader@adblockfilters.mozdev.org.xpi [2014-09-04]
    FF Extension: All-in-One Sidebar - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-09-04]
    FF Extension: ScrapBook - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-09-18]
    FF Extension: Adblock Plus - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-04]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-06-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-06-07]
    FF HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
    CHR DefaultSearchKeyword: Default -> search.conduit.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (SumatraPDF Browser Plugin) - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-31]
    CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-31]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
    CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-31]
    CHR Extension: (Webpage Screenshot) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-05-20]
    CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-31]
    CHR Extension: (Logitech SetPoint) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-07-31]
    CHR Extension: (Google Wallet) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
    CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-31]
    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-28] (Adobe Systems) [File not signed]
    S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2015-01-03] (Alcohol Soft Development Team)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-04] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-04] (COMODO)
    R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
    R2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [1062912 2009-03-13] (Hagel Technologies Ltd.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-08-12] (LogMeIn, Inc.)
    S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-08-12] (LogMeIn, Inc.)
    S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-06] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-03-06] (Malwarebytes Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-02-01] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-02-01] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-02-01] (Safer-Networking Ltd.)
    R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2015-01-03] (StarWind Software) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
    S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20968 2013-03-01] (Hagel Technologies Ltd.) [File not signed]
    R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [12704 2014-08-29] (DVDFab Software)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-01-31] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-31] ()
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2014-10-14] ()
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-04-25] ()
    S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
    S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
    S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
    S4 LMIRfsClientNP; No ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-06] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-12] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-06] (Malwarebytes Corporation)
    R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [44960 2014-08-29] (DVDFab Software)
    R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-01-31] (Wondershare)
    R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)
    R3 ALSysIO; \??\C:\TEMP\ALSysIO64.sys [X]
    S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
    S1 ArcSec; system32\drivers\ArcSec.sys [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
     
  2. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-13 00:04 - 2015-03-13 00:04 - 00026001 _____ () C:\Users\Lee\Desktop\FRST.txt
    2015-03-13 00:02 - 2015-03-13 00:02 - 02095616 _____ (Farbar) C:\Users\Lee\Desktop\FRST64(1).exe
    2015-03-12 15:38 - 2015-03-12 15:38 - 00001424 _____ () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-03-10 19:48 - 2015-03-10 19:48 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-10 19:48 - 2015-03-10 19:48 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-10 19:48 - 2015-03-10 19:48 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-10 19:48 - 2015-03-10 19:48 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-10 19:48 - 2015-03-10 19:48 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-10 19:48 - 2015-03-10 19:48 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-10 19:48 - 2015-03-10 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-10 19:48 - 2015-03-10 19:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-10 19:48 - 2015-03-10 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-10 19:48 - 2015-02-20 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-10 19:48 - 2015-02-20 02:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-10 19:46 - 2015-03-10 19:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-10 19:46 - 2015-03-10 19:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-10 17:55 - 2015-03-10 17:55 - 00001401 _____ () C:\Users\Lee\Desktop\Azureus copy.lnk
    2015-03-10 06:45 - 2015-03-12 15:26 - 00000000 ____D () C:\Program Files\Vuze - Copy
    2015-03-10 06:38 - 2015-03-10 06:37 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-03-10 06:37 - 2015-03-10 06:37 - 00000000 ____D () C:\Program Files\Java
    2015-03-10 05:50 - 2015-03-10 05:50 - 00002924 _____ () C:\Windows\System32\Tasks\{2B90FF94-BD6D-462B-BDAC-5AB4E4373D68}
    2015-03-10 05:49 - 2015-03-10 05:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-03-10 05:48 - 2015-03-10 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2015-03-10 05:48 - 2015-03-10 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-03-09 01:14 - 2015-03-09 01:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-09 01:14 - 2015-03-09 01:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-08 15:47 - 2015-03-08 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Samsung
    2015-03-08 15:47 - 2015-03-08 15:47 - 00000000 ____D () C:\Users\Administrator\Documents\SelfMV
    2015-03-08 15:47 - 2015-03-08 15:47 - 00000000 ____D () C:\Users\Administrator\Documents\samsung
    2015-03-08 06:29 - 2015-03-08 06:29 - 00000000 ____D () C:\WMSDK
    2015-03-07 22:27 - 2015-03-08 06:16 - 00011152 _____ () C:\Windows\IE10_main.log
    2015-03-07 20:22 - 2009-07-14 01:14 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ctfmon.exe.backup
    2015-03-07 17:23 - 2015-03-07 17:23 - 00028166 _____ () C:\Users\Lee\Documents\cc_20150307_172326.reg
    2015-03-07 17:23 - 2015-03-07 17:23 - 00006028 _____ () C:\Users\Lee\Documents\cc_20150307_172340.reg
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Logitech
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Administrator
    2015-03-07 00:50 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-07 00:50 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-03-07 00:24 - 2015-03-07 00:24 - 00012675 _____ () C:\Users\Lee\Desktop\hijackthis.log
    2015-03-06 21:02 - 2015-03-06 21:02 - 00023301 _____ () C:\Users\Lee\Desktop\dds.txt
    2015-03-06 21:02 - 2015-03-06 21:02 - 00007174 _____ () C:\Users\Lee\Desktop\attach.txt
    2015-03-06 01:22 - 2015-03-06 01:25 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2015-03-05 22:25 - 2015-03-05 22:25 - 00003773 _____ () C:\Windows\wininit.ini
    2015-03-05 06:36 - 2015-03-12 07:26 - 00016480 _____ () C:\Windows\PFRO.log
    2015-03-05 06:30 - 2015-03-05 06:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2015-03-05 06:30 - 2015-03-05 06:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2015-03-05 06:30 - 2015-03-05 06:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-03-05 06:30 - 2015-03-05 06:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-03-05 06:30 - 2015-03-05 06:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2015-03-05 06:30 - 2015-03-05 06:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2015-03-05 06:30 - 2015-03-05 06:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-03-05 06:28 - 2015-03-07 00:30 - 00009166 _____ () C:\Windows\IE11_main.log
    2015-02-28 20:43 - 2015-02-28 20:43 - 00000000 ____D () C:\ProgramData\Adobe Systems
    2015-02-28 20:42 - 2015-02-28 20:42 - 00002032 _____ () C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
    2015-02-28 20:37 - 2015-03-12 15:38 - 00004340 _____ () C:\Windows\error.log
    2015-02-28 20:36 - 2015-03-12 15:38 - 00001008 _____ () C:\Windows\errord.log
    2015-02-28 20:21 - 2015-02-28 20:23 - 00014312 _____ () C:\Windows\DPINST.LOG
    2015-02-28 20:21 - 2015-02-28 20:21 - 00000000 ____D () C:\Users\Lee\MCS
    2015-02-28 20:21 - 2015-02-28 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aaronia AG
    2015-02-28 19:59 - 2015-03-12 22:53 - 00043758 _____ () C:\Windows\setupact.log
    2015-02-28 19:59 - 2015-02-28 19:59 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-28 16:13 - 2015-02-28 16:13 - 00036356 _____ () C:\Users\Lee\Documents\cc_20150228_161312.reg
    2015-02-26 16:54 - 2015-03-06 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-25 14:33 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-25 14:33 - 2015-01-08 23:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-23 21:31 - 2015-02-23 21:59 - 00000000 ____D () C:\Users\Lee\Desktop\New folder (6)
    2015-02-19 16:43 - 2015-02-19 16:43 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\PDFlite
    2015-02-12 15:33 - 2015-02-12 15:33 - 00001687 _____ () C:\Users\Lee\Desktop\auCDtectTaskManager.exe - Shortcut.lnk
    2015-02-12 15:14 - 2015-02-12 15:33 - 00000000 ____D () C:\Program Files (x86)\auCDtect Task Manager
    2015-02-11 16:13 - 2015-02-11 16:13 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-11 16:13 - 2015-02-11 16:13 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-11 16:13 - 2015-02-11 16:13 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-11 16:13 - 2015-02-11 16:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 14:51 - 2015-02-11 14:51 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-13 00:04 - 2015-01-30 17:04 - 00000000 ____D () C:\FRST
    2015-03-13 00:04 - 2014-08-22 20:16 - 00000000 ____D () C:\TEMP
    2015-03-13 00:01 - 2013-06-06 22:35 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Azureus
    2015-03-12 23:58 - 2014-05-05 00:30 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
    2015-03-12 23:50 - 2014-03-30 15:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-12 23:25 - 2013-07-31 21:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-12 22:35 - 2013-07-31 21:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-12 20:35 - 2009-07-14 05:13 - 00902586 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-12 19:26 - 2013-07-31 21:38 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-12 16:01 - 2013-07-16 13:38 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\foobar2000
    2015-03-12 15:58 - 2013-06-06 20:08 - 01333298 _____ () C:\Windows\WindowsUpdate.log
    2015-03-12 15:45 - 2009-07-14 04:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-12 15:45 - 2009-07-14 04:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-12 15:38 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-12 07:26 - 2013-08-12 04:14 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-03-12 07:25 - 2013-07-15 19:27 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\uTorrent
    2015-03-11 00:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-10 19:54 - 2014-08-23 19:56 - 00000000 ___RD () C:\Users\Lee\Virtual Machines
    2015-03-10 19:54 - 2009-07-14 04:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-03-10 19:53 - 2009-07-14 04:45 - 00296248 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-10 19:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-10 19:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-10 17:51 - 2013-05-23 21:26 - 00007265 _____ () C:\Users\Lee\Desktop\BOX.txt
    2015-03-10 06:50 - 2013-06-06 22:35 - 00001691 _____ () C:\Users\Public\Desktop\Vuze.lnk
    2015-03-10 06:50 - 2013-06-06 22:35 - 00001691 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
    2015-03-10 06:44 - 2013-06-06 22:35 - 00000000 ____D () C:\Program Files\Vuze
    2015-03-10 06:32 - 2014-12-10 14:52 - 00002094 _____ () C:\Users\Public\Desktop\Data Migration.lnk
    2015-03-10 05:48 - 2013-06-18 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-03-10 05:15 - 2013-10-20 05:19 - 00000000 ____D () C:\ProgramData\Oracle
    2015-03-09 16:21 - 2013-06-19 21:31 - 00000000 ____D () C:\Program Files (x86)\!! StaxRip_1.1.8.0
    2015-03-09 01:49 - 2015-01-31 02:06 - 00000000 ____D () C:\Users\Lee\.get_iplayer
    2015-03-08 05:31 - 2014-10-21 03:33 - 00001980 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
    2015-03-08 05:31 - 2013-11-15 18:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
    2015-03-08 01:31 - 2014-10-28 14:18 - 00000040 ___SH () C:\ProgramData\.zreglib
    2015-03-07 22:40 - 2013-07-09 22:03 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-07 22:36 - 2013-06-06 22:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-07 20:29 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-07 20:29 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-03-07 20:22 - 2009-07-13 23:26 - 00024064 _____ (Gerhard Schlager) C:\Windows\SysWOW64\ctfmon.exe
    2015-03-07 17:21 - 2015-02-01 06:25 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2015-03-07 17:21 - 2015-01-31 20:26 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-03-07 17:21 - 2015-01-31 20:26 - 00000000 ____D () C:\sh4ldr
    2015-03-07 17:21 - 2014-05-25 06:14 - 00000000 ____D () C:\Program Files (x86)\R-Linux
    2015-03-07 17:20 - 2014-11-30 22:35 - 00000000 ____D () C:\Program Files (x86)\HDD Regenerator
    2015-03-07 17:18 - 2014-12-21 17:07 - 00000000 ____D () C:\Program Files (x86)\Nero
    2015-03-07 04:37 - 2014-08-22 13:10 - 00000000 ____D () C:\AdwCleaner
    2015-03-07 01:22 - 2013-07-13 16:25 - 00000000 ____D () C:\ProgramData\ArcSoft
    2015-03-07 00:19 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\Offline Web Pages
    2015-03-07 00:01 - 2013-06-06 21:07 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-06 23:55 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-03-06 22:57 - 2014-03-30 15:03 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-06 22:57 - 2014-03-30 15:03 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-06 22:57 - 2014-03-30 15:03 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-06 22:57 - 2014-03-30 15:03 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-06 22:57 - 2014-03-30 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-06 22:57 - 2014-03-30 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-06 20:44 - 2014-08-22 15:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-05 22:25 - 2015-02-01 06:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-03-05 06:36 - 2013-06-07 05:04 - 00000000 ____D () C:\Windows\Panther
    2015-03-05 06:29 - 2013-11-11 20:42 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2015-03-03 06:20 - 2013-06-11 23:18 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\vlc
    2015-03-02 19:59 - 2015-01-31 02:16 - 00000245 _____ () C:\Users\Lee\.swfinfo
    2015-02-28 20:44 - 2013-06-06 22:19 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Adobe
    2015-02-28 20:42 - 2014-01-26 01:36 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
    2015-02-28 20:42 - 2013-09-08 16:49 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-28 20:21 - 2013-06-06 20:09 - 00000000 ____D () C:\Users\Lee
    2015-02-28 20:03 - 2014-03-06 20:21 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\spek
    2015-02-28 16:12 - 2013-12-30 00:53 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\DAEMON Tools Lite
    2015-02-28 16:12 - 2013-06-07 15:25 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Media Player Classic
    2015-02-28 16:11 - 2013-08-15 11:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-28 16:11 - 2013-08-15 11:24 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-23 16:32 - 2013-06-22 11:47 - 00001112 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
    2015-02-22 04:49 - 2013-06-25 20:35 - 00000000 ____D () C:\Program Files (x86)\! BD Rebuilder
    2015-02-21 00:01 - 2013-07-18 01:46 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Mp3tag
    2015-02-19 16:41 - 2013-06-23 19:37 - 00001870 _____ () C:\Users\Public\Desktop\PDFlite.lnk
    2015-02-15 22:08 - 2014-10-28 22:25 - 00001956 _____ () C:\Users\Public\Desktop\MKVToolNix GUI preview.lnk
    2015-02-15 22:08 - 2013-06-22 11:23 - 00001873 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
    2015-02-14 15:35 - 2014-09-23 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
    2015-02-14 15:35 - 2014-09-23 17:31 - 00000000 ____D () C:\Program Files (x86)\LAV Filters
    2015-02-11 16:31 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-11 16:10 - 2014-12-10 06:25 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-11 16:10 - 2014-04-23 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

    ==================== Files in the root of some directories =======

    2013-11-01 22:47 - 2013-11-01 22:51 - 0000496 _____ () C:\Users\Lee\AppData\Roaming\UserMetrics.osl
    2014-12-18 02:10 - 2014-12-18 02:10 - 0031794 _____ () C:\Users\Lee\AppData\Local\13E5D428_stp.CIS
    2014-12-18 02:10 - 2014-12-18 02:10 - 0000289 _____ () C:\Users\Lee\AppData\Local\13E5D428_stp.CIS.part
    2014-12-18 02:10 - 2014-12-18 02:10 - 0382062 _____ () C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS
    2014-12-18 02:10 - 2014-12-18 02:10 - 0000220 _____ () C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS.part
    2015-03-06 17:48 - 2015-03-06 17:48 - 0000000 _____ () C:\Users\Lee\AppData\Local\ars.cache
    2015-03-06 17:48 - 2015-03-06 17:48 - 0363889 _____ () C:\Users\Lee\AppData\Local\census.cache
    2015-03-06 01:22 - 2015-03-06 01:22 - 0000036 _____ () C:\Users\Lee\AppData\Local\housecall.guid.cache
    2014-12-10 15:00 - 2014-12-10 15:00 - 0007605 _____ () C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
    2015-03-06 01:28 - 2015-03-06 01:28 - 0000010 _____ () C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
    2014-10-28 14:18 - 2015-03-08 01:31 - 0000040 ___SH () C:\ProgramData\.zreglib

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-05 00:56

    ==================== End Of Log ============================
     
  3. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Lee at 2015-03-13 00:05:18
    Running from C:\Users\Lee\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
    µTorrent (HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
    Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version: - )
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    AIDA64 Extreme v4.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.00 - FinalWire Ltd.)
    Aimersoft DRM Media Converter(Build 1.5.6.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
    Akamai NetSession Interface (HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Another EAC3to GUI (HKLM-x32\...\{01D4AA75-96C7-4C4C-8238-6BC51A00C39D}) (Version: 0.9.119 - ACD)
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.8.0 - SlySoft)
    ASIO Proxy for foobar2000 (HKLM-x32\...\ASIOProxy) (Version: 0.6.5 - Maxim V.Anisiutkin)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
    Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
    BDtoAVCHD 2.1.5 (HKLM-x32\...\{C47F57C7-C22C-4CB8-BD48-41FF039F7E1B}) (Version: 2.1.5 - Joel Gali)
    Bitrate Viewer 2.3 (HKLM-x32\...\Bitrate Viewer) (Version: 2.3 - EDV & Astro Service)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.83 - BitTorrent Inc.)
    BlackVue HD (HKLM-x32\...\BlackVueHD) (Version: - )
    BleachBit (HKLM-x32\...\BleachBit) (Version: 1.6 - BleachBit)
    Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
    Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
    Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
    ClickRepair 3.9.1 and ClickRepairRT 1.3 (HKLM-x32\...\ClickRepair_is1) (Version: - Caloundra Audio Restoration)
    COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation)
    Corel PaintShop Pro X4 (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    CPUID HWMonitor Pro 1.16 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
    CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
    CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
    dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.1 - Illustrate)
    dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
    Disk Check 1.2 (HKLM\...\Disk Check_is1) (Version: - Puran Software)
    DiskInternals EFS Recovery (HKLM-x32\...\DiskInternals EFS Recovery) (Version: 2.3 - DiskInternals Research)
    Dreambox Config Creator v0.9.5 (HKLM-x32\...\{32981E26-6257-4F24-BDFB-80928C9119A8}) (Version: 0.9.5 - B16MCC)
    DreamboxUK Services Database (HKLM-x32\...\{4925E437-A7DF-44FB-AD9D-5095A32382B8}) (Version: 3.0.0 - DreamboxUK)
    DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 6.20 - Hagel Technologies Ltd.)
    Duplicate Cleaner Pro 3.2.4 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.4 - DigitalVolcano Software Ltd)
    DVD Audio Extractor 7.2.0 (HKLM-x32\...\DVD Audio Extractor_is1) (Version: - Computer Application Studio)
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    DVD Rebuilder (HKLM-x32\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.28.2 - jdobbs softworks and rockas association)
    DVDFab Virtual Drive (HKLM\...\DVDFab Virtual Drive_is1) (Version: 1.5.1.1 - Fengtao Software Inc.)
    EaseUS Data Recovery Wizard 6.1 (HKLM-x32\...\EaseUS Data Recovery Wizard 6.1_is1) (Version: - EaseUS)
    EncSpot Basic 2.0 (HKLM-x32\...\EncSpot Basic_is1) (Version: - GuerillaSoft)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
    ffdshow v1.3.4504 [2013-03-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4504.0 - )
    FLAC Frontend (HKLM-x32\...\{315E5E8B-0560-413A-B604-622A4C8BECBD}) (Version: 2.1.1 - Xiph.org)
    foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
    FreeFileSync 6.12 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.12 - www.FreeFileSync.org)
    get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - )
    ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Network Connections 18.3.72.0 (HKLM\...\PROSetDX) (Version: 18.3.72.0 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java SE Development Kit 8 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
    Kernel Outlook PST Viewer ver 11.05.01 (HKLM-x32\...\Kernel Outlook PST Viewer_is1) (Version: - Lepide Software Pvt. Ltd.)
    LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
    Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
    LogMeIn (HKLM-x32\...\{B27B646E-76EA-4412-91D8-A4DFDA8AD152}) (Version: 4.1.3256 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
    MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
    MKV Chapterizer (HKLM-x32\...\MKV Chapterizer) (Version: - Fredrik Blomqvist)
    MKVToolNix 7.6.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.6.0 - Moritz Bunkus)
    Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version: - )
    Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    Mp3tag v2.64 (HKLM-x32\...\Mp3tag) (Version: v2.64 - Florian Heidenreich)
    mp4UI (HKLM-x32\...\mp4UI) (Version: - )
    MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
    MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
    OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
    PDFlite 2.0.0.0 (HKLM-x32\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
    PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
    Raise Data Recovery for Ext2/3/4, version 5.15.1 (HKLM-x32\...\Raise Data Recovery for Ext2/3/4_is1) (Version: 5.15.1 - LLC "SysDev Laboratories")
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    RoboForm 7-9-7-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
    Setup (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    Smart Cutter for DV and DVB (HKLM-x32\...\{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}) (Version: 1.00.0000 - FameRing)
    SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 4.0.1401.28) (Version: 4.0.1401.28 - Solveig Multimedia)
    Sony Noise Reduction Plug-In 2.0h (HKLM-x32\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
    Sound Forge Pro 10.0 (HKLM-x32\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
    Spek (HKLM-x32\...\{7CDF6754-F5A0-4F34-B589-197530FEF862}) (Version: 0.8.2 - Spek Project)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
    SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.2 - Erik Vullings)
    SurCode DVD-DTS (HKLM-x32\...\SurCode DVD-DTS) (Version: - )
    sView (version 14.2_30) (HKLM\...\sView_is1) (Version: - Kirill Gavrilov)
    SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
    System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
    Tau Analyzer (remove only) (HKLM-x32\...\Tau Analyzer) (Version: - )
    TMPGEnc MPEG Smart Renderer 4 (HKLM-x32\...\{41D9FD98-2F0A-41B7-9234-EF165E3E42B5}) (Version: 4.1.5.60 - Pegasys Inc.)
    Total Uninstall 5.10.0 (HKLM-x32\...\Total Uninstall 5_is1) (Version: 5.10.0 - )
    TSDoctor (HKLM-x32\...\{A7944F9C-E054-4DAB-97AB-9418EB3FEDFF}) (Version: 1.2.125 - Cypheros)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.0 beta1 - UltraDefrag Development Team)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VideoReDo TVSuite Version 4.21.6.674 (HKLM-x32\...\VideoReDo4_is1) (Version: - DRD Systems, Inc.)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226-1) (Version: 4.8.1.0 - Azureus Software, Inc.)
    WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\WinDirStat) (Version: - )
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Surface Scanner 2.10 (HKLM-x32\...\Windows Surface Scanner 2.10) (Version: - )
    WinRAR 5.00 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.4 - win.rar GmbH)
    yabause 0.9.13 (HKLM-x32\...\ (Win64)) (Version: 0.9.13 - Yabause team)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2015-03-06 01:04 - 00001030 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.dumeter.com
    127.0.0.1 dumeter.com
    127.0.0.1 www.hageltech.com
    127.0.0.1 hageltech.com
    127.0.0.1 www.dumeter.com
    127.0.0.1 dumeter.com
    127.0.0.1 www.hageltech.com
    127.0.0.1 hageltech.com


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00376EE5-306A-4165-980D-FA6731F5F09F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-04] (COMODO)
    Task: {0A4DEECC-E220-446F-9063-C0C92E20DA84} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_Lee => C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
    Task: {17AEC453-61E7-4616-B5C3-472199C65659} - System32\Tasks\Core Temp Autostart Lee => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
    Task: {231274B1-2140-4DF9-8C4D-70CCA6C7DB34} - System32\Tasks\{EBCE1F7B-591D-4F2A-8C42-B806D02E0939} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: {3178CE0F-E97C-4A7A-BA26-3257E9675828} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {328C7112-74D5-4A85-91BC-D5B68195FD31} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {42E3159B-9C21-4247-9486-7DCE81759168} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {49713724-1BDC-42DC-B5A2-DDF6C5A967C4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {6003D4CA-7770-4EA6-BCAB-666836C72555} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31] (Google Inc.)
    Task: {66E51D79-60A8-4437-9067-6FAE14EB09B0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {6F735468-4843-4861-BBF8-52C879B6DC2D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: {82F7380C-9D1B-4C27-AE27-C8F6E769E77E} - System32\Tasks\{4458729A-2C26-46DC-B36A-6B30431CB4DD} => pcalua.exe -a H:\Bv_v15054.exe -d H:\
    Task: {98F1C12B-86EB-48E7-A2CF-7609D71DBF45} - System32\Tasks\{2B90FF94-BD6D-462B-BDAC-5AB4E4373D68} => C:\Program Files\Vuze\Azureus.exe [2015-03-10] (Azureus Software, Inc)
    Task: {9C07B6AF-EFA2-431F-8473-1775725836BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {B19730D5-2C3E-4A3C-92E0-31CF294125F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31] (Google Inc.)
    Task: {B1CDC1B2-8E83-45C0-A294-75690FAF9F27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {B95384D2-DF79-47D7-9FB5-2523C635CA44} - System32\Tasks\{07224392-8460-49A2-9EF2-399520699431} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: {C4BDABBC-F71E-418C-ABEE-C9C19A9F89D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-28] (Piriform Ltd)
    Task: {CF8B175C-A8C8-4F28-80F2-515117721747} - System32\Tasks\{67F2308F-9874-4DF5-B8DC-59925F4E61C2} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: {DE5B5F5D-269B-463C-A4A1-5E805ED3B1EA} - System32\Tasks\{695555BD-C4CA-436F-9F40-E0FC87848796} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-06-23 19:37 - 2005-03-11 18:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
    2010-07-15 04:44 - 2010-07-15 04:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-09-25 06:20 - 2014-09-25 06:20 - 00102400 _____ () C:\Users\Lee\AppData\Roaming\BitTorrent Sync\SyncShellContextMenu.dll
    2013-06-08 21:27 - 2013-10-08 12:23 - 00890016 _____ () C:\Program Files\Core Temp\Core Temp.exe
    2013-06-26 20:36 - 2013-06-26 20:36 - 00006144 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll
    2013-06-26 20:36 - 2013-06-26 20:36 - 00008704 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll
    2013-06-26 20:36 - 2013-06-26 20:36 - 00007680 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll
    2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2013-07-04 15:50 - 2013-03-01 10:38 - 00166808 _____ () C:\Program Files (x86)\DU Meter\ssleay32.dll
    2013-07-04 15:50 - 2013-03-01 10:38 - 00846744 _____ () C:\Program Files (x86)\DU Meter\LIBEAY32.dll
    2013-07-04 15:50 - 2013-03-01 10:38 - 00846744 _____ () C:\Program Files (x86)\DU Meter\libeay32.dll
    2015-02-01 06:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-01 06:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-02-01 06:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-02-01 06:41 - 2015-02-01 06:41 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-02-01 06:41 - 2015-02-01 06:41 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-01-30 16:23 - 2015-01-30 16:23 - 00133120 _____ () C:\Users\Lee\AppData\Roaming\vhgbtkbb\colers.dll
    2014-12-03 01:59 - 2014-11-04 09:38 - 00867080 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\common\UNO\UNO.dll
    2014-12-03 01:58 - 2013-12-10 07:39 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
    2014-12-03 01:58 - 2013-12-10 07:39 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
    2014-12-03 01:58 - 2013-12-10 07:39 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
    2014-12-03 01:58 - 2013-12-10 07:39 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
    2014-12-10 14:44 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
    2013-06-06 20:49 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2015-03-10 06:45 - 2015-03-10 06:50 - 00053160 _____ () C:\Program Files\Vuze - Copy\aereg.dll
    2013-06-06 22:42 - 2013-06-26 05:17 - 00028160 _____ () C:\Users\Lee\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
    2013-06-06 22:13 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    2013-06-06 22:13 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\autoexec.bat:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ac3filter.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ff_acm.acm:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ff_vfw.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iconv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xvid.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\EsgScanner.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio1.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio2.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio3.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio4.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio5.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\xusb21.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:0888F409
    AlternateDataStreams: C:\ProgramData\Temp:3440EB47
    AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
    AlternateDataStreams: C:\ProgramData\Temp:66633281
    AlternateDataStreams: C:\ProgramData\Temp:B755D674
    AlternateDataStreams: C:\Users\Lee\Desktop\BNYB.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\FRST64(1).exe:$CmdTcID
     
  4. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: CyberLink PowerDVD 13 Media Server Monitor Service => 2
    MSCONFIG\Services: CyberLink PowerDVD 13 Media Server Service => 2

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2617431701-2952813283-2152824867-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-2617431701-2952813283-2152824867-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2617431701-2952813283-2152824867-1002 - Limited - Enabled)
    Lee (S-1-5-21-2617431701-2952813283-2152824867-1000 - Administrator - Enabled) => C:\Users\Lee
    LogMeInRemoteUser (S-1-5-21-2617431701-2952813283-2152824867-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

    ==================== Faulty Device Manager Devices =============

    Name: ArcCtrl
    Description: ArcCtrl
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ArcCtrl
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: ArcSec
    Description: ArcSec
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ArcSec
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/10/2015 08:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x53410000
    Faulting process id: 0x1904
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3

    Error: (03/10/2015 11:27:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Azureus.exe, version: 4.8.0.0, time stamp: 0x50a12bac
    Faulting module name: utp.dll, version: 0.0.0.0, time stamp: 0x4d3dad8e
    Exception code: 0xc0000409
    Fault offset: 0x000034be
    Faulting process id: 0x1a80
    Faulting application start time: 0xAzureus.exe0
    Faulting application path: Azureus.exe1
    Faulting module path: Azureus.exe2
    Report Id: Azureus.exe3

    Error: (03/10/2015 08:13:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Azureus.exe version 4.8.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1bb8

    Start Time: 01d05b09e0f00c55

    Termination Time: 0

    Application Path: C:\Program Files\Vuze - Copy\Azureus.exe

    Report Id: 5b25d3ae-c6fd-11e4-bacc-94de80647f9f

    Error: (03/07/2015 05:20:26 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Lee-PC)
    Description: Application or service 'hddrsrv' could not be restarted.

    Error: (03/07/2015 06:18:55 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (03/07/2015 05:39:19 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (03/06/2015 11:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x2520656c
    Faulting process id: 0xa8c
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3

    Error: (03/06/2015 10:15:44 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (03/05/2015 09:55:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17631, time stamp: 0x54b31a70
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
    Exception code: 0xc0000005
    Fault offset: 0x00035dc6
    Faulting process id: 0x18c8
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (03/05/2015 09:54:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDFiles.exe version 2.4.40.135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2ac0

    Start Time: 01d0578e1ce3c305

    Termination Time: 3

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe

    Report Id: 28c6c640-c382-11e4-857e-94de80647f9f


    System errors:
    =============
    Error: (03/12/2015 03:38:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ArcCtrl
    ArcSec

    Error: (03/12/2015 03:38:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Hardlock service failed to start due to the following error:
    %%577

    Error: (03/12/2015 07:26:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ArcCtrl
    ArcSec

    Error: (03/12/2015 07:26:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Hardlock service failed to start due to the following error:
    %%577

    Error: (03/12/2015 07:26:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/10/2015 07:54:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ArcCtrl
    ArcSec

    Error: (03/10/2015 07:54:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Hardlock service failed to start due to the following error:
    %%577

    Error: (03/10/2015 07:53:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ArcCtrl
    ArcSec

    Error: (03/10/2015 07:53:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Hardlock service failed to start due to the following error:
    %%577

    Error: (03/10/2015 07:43:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ArcCtrl
    ArcSec


    Microsoft Office Sessions:
    =========================
    Error: (03/10/2015 08:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mbam.exe1.0.1.711542b53ecunknown0.0.0.000000000c000000553410000190401d05b72ae50a6b9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknown0e9419c0-c766-11e4-8a19-94de80647f9f

    Error: (03/10/2015 11:27:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Azureus.exe4.8.0.050a12bacutp.dll0.0.0.04d3dad8ec0000409000034be1a8001d05b0ac090e86bC:\Program Files\Vuze - Copy\Azureus.exeC:\Users\Lee\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll7d66178d-c718-11e4-bacc-94de80647f9f

    Error: (03/10/2015 08:13:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Azureus.exe4.8.0.01bb801d05b09e0f00c550C:\Program Files\Vuze - Copy\Azureus.exe5b25d3ae-c6fd-11e4-bacc-94de80647f9f

    Error: (03/07/2015 05:20:26 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Lee-PC)
    Description: 0hrsrv.exehddrsrv03026217821360

    Error: (03/07/2015 06:18:55 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero Toolkit\Nero DiscSpeed\DiscSpeed.exe

    Error: (03/07/2015 05:39:19 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero Toolkit\Nero DiscSpeed\DiscSpeed.exe

    Error: (03/06/2015 11:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mbam.exe1.0.1.711542b53ecunknown0.0.0.000000000c00000052520656ca8c01d05860fe53cf23C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknownef41d0c6-c455-11e4-ab25-94de80647f9f

    Error: (03/06/2015 10:15:44 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero Toolkit\Nero DiscSpeed\DiscSpeed.exe

    Error: (03/05/2015 09:55:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.1763154b31a70KERNELBASE.dll6.1.7601.1840953159a86c000000500035dc618c801d0578eb02d6275C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll5be6d395-c382-11e4-857e-94de80647f9f

    Error: (03/05/2015 09:54:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDFiles.exe2.4.40.1352ac001d0578e1ce3c3053C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe28c6c640-c382-11e4-857e-94de80647f9f


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-12 15:38:40.028
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-12 15:38:39.996
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-12 07:26:52.950
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-12 07:26:52.903
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-10 19:54:35.031
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-10 19:54:34.984
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-10 19:53:42.859
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-10 19:53:42.828
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-10 07:43:07.294
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-10 07:43:07.263
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
    Percentage of memory in use: 47%
    Total physical RAM: 16274.14 MB
    Available physical RAM: 8617.89 MB
    Total Pagefile: 16472.33 MB
    Available Pagefile: 9952.54 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:111.79 GB) (Free:66.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA RAID) (Fixed) (Total:3725.9 GB) (Free:419.67 GB) NTFS
    Drive e: (GAMES) (Fixed) (Total:3725.9 GB) (Free:557.13 GB) NTFS
    Drive g: (MUSIC) (Fixed) (Total:4657.4 GB) (Free:225.48 GB) NTFS
    Drive h: (DOWNLOADS) (Fixed) (Total:3725.9 GB) (Free:129.31 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 111.8 GB) (Disk ID: 0CD55C8F)
    Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 5 (Size: 4657.5 GB) (Disk ID: 3FDC7B9D)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 6 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Did you disable system restore for whatever reason?
    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Hi Broni, thanks for the reply. I disabled system restore years ago when I had a smaller SSD, ive never used it so left it like that.
    Running other stuff you suggested....
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    System restore is rather important.
    I strongly suggest you turn it on.
     
  8. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Lee [Administrator]
    Started from : C:\Users\Lee\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 03/13/2015 01:29:15

    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] iexplore.exe(5288) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(7388) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]

    ¤¤¤ Registry : 20 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\TEMP\ALSysIO64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7258CE01-B786-4EA8-B17F-96D63D4FD556} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7258CE01-B786-4EA8-B17F-96D63D4FD556} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7258CE01-B786-4EA8-B17F-96D63D4FD556} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 8 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.dumeter.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 dumeter.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.hageltech.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 hageltech.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.dumeter.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 dumeter.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.hageltech.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 hageltech.com

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUM.Proxy][FIREFX:Config] 4nv1m69g.default-1409845280021 : user_pref("network.proxy.type", 4); -> Not selected
    [PUM.HomePage][FIREFX:Config] 4nv1m69g.default-1409845280021 : user_pref("browser.startup.homepage", "http://news.sky.com/"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 EVO 120GB ATA Device +++++
    --- User ---
    [MBR] 12e5e695fb92c313a25edf00f630af0b
    [BSP] ab4da252950065df3c2f3008668ca447 : HP MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD40EZRX-00SPEB0 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - LDM metadata partition | Offset (sectors): 34 | Size: 1 MB
    1 - Microsoft reserved partition | Offset (sectors): 2082 | Size: 127 MB
    2 - LDM data partition | Offset (sectors): 262178 | Size: 3815319 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WDC WD40EZRX-00SPEB0 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - LDM metadata partition | Offset (sectors): 34 | Size: 1 MB
    1 - Microsoft reserved partition | Offset (sectors): 2082 | Size: 127 MB
    2 - LDM data partition | Offset (sectors): 262178 | Size: 3815319 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: WDC WD40EZRX-00SPEB0 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - LDM metadata partition | Offset (sectors): 34 | Size: 1 MB
    1 - Microsoft reserved partition | Offset (sectors): 2082 | Size: 127 MB
    2 - LDM data partition | Offset (sectors): 262178 | Size: 3815319 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive4: WDC WD40 EZRX-00SPEB0 SCSI Disk Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - LDM metadata partition | Offset (sectors): 34 | Size: 1 MB
    1 - Microsoft reserved partition | Offset (sectors): 2082 | Size: 127 MB
    2 - LDM data partition | Offset (sectors): 262178 | Size: 3815319 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )

    +++++ PhysicalDrive5: WDC WD50 EZRX-00MVLB1 SCSI Disk Device +++++
    --- User ---
    [MBR] f51f5b5e531cddf7b68b2d729672e3ab
    [BSP] e6628f88faabb0827ec26ef48fe1aa75 : Empty MBR Code
    Partition table:
    0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
    1 - Basic data partition | Offset (sectors): 264192 | Size: 4769178 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )

    +++++ PhysicalDrive6: ST4000DM 000-1F2168 SCSI Disk Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
    1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )


    ============================================
    RKreport_SCN_03132015_012722.log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 13/03/2015
    Scan Time: 02:41:46
    Logfile: mb.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.13.02
    Rootkit Database: v2015.02.25.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Lee

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 444171
    Time Elapsed: 4 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Warn

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v4.112 - Logfile created 13/03/2015 at 01:55:56
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Local]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Lee - LEE-PC
    # Running from : C:\Users\Lee\Desktop\adwcleaner_4.112.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17689


    -\\ Mozilla Firefox v36.0.1 (x86 en-GB)


    -\\ Google Chrome v41.0.2272.89


    *************************

    AdwCleaner[R0].txt - [3113 bytes] - [22/08/2014 13:10:14]
    AdwCleaner[R10].txt - [1719 bytes] - [30/01/2015 17:24:40]
    AdwCleaner[R11].txt - [1840 bytes] - [30/01/2015 17:27:17]
    AdwCleaner[R12].txt - [1980 bytes] - [31/01/2015 19:58:01]
    AdwCleaner[R13].txt - [3152 bytes] - [07/03/2015 04:05:17]
    AdwCleaner[R14].txt - [2126 bytes] - [07/03/2015 04:12:25]
    AdwCleaner[R15].txt - [2928 bytes] - [13/03/2015 01:54:26]
    AdwCleaner[R1].txt - [1035 bytes] - [22/08/2014 13:23:26]
    AdwCleaner[R2].txt - [2750 bytes] - [07/12/2014 03:51:08]
    AdwCleaner[R3].txt - [1069 bytes] - [07/12/2014 04:03:28]
    AdwCleaner[R4].txt - [1150 bytes] - [11/12/2014 20:23:01]
    AdwCleaner[R5].txt - [2758 bytes] - [30/01/2015 15:59:19]
    AdwCleaner[R6].txt - [1418 bytes] - [30/01/2015 16:02:40]
    AdwCleaner[R7].txt - [1538 bytes] - [30/01/2015 16:05:18]
    AdwCleaner[R8].txt - [1598 bytes] - [30/01/2015 16:55:24]
    AdwCleaner[R9].txt - [1658 bytes] - [30/01/2015 17:16:38]
    AdwCleaner[S0].txt - [3189 bytes] - [22/08/2014 13:11:08]
    AdwCleaner[S1].txt - [2766 bytes] - [07/12/2014 03:54:47]
    AdwCleaner[S2].txt - [3038 bytes] - [30/01/2015 16:00:32]
    AdwCleaner[S3].txt - [1481 bytes] - [30/01/2015 16:03:40]
    AdwCleaner[S4].txt - [1782 bytes] - [30/01/2015 17:25:53]
    AdwCleaner[S5].txt - [2045 bytes] - [31/01/2015 19:59:28]
    AdwCleaner[S6].txt - [3251 bytes] - [07/03/2015 04:08:30]
    AdwCleaner[S7].txt - [2193 bytes] - [07/03/2015 04:37:20]
    AdwCleaner[S8].txt - [2864 bytes] - [13/03/2015 01:55:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2923 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Windows 7 Professional x64
    Ran by Lee on 13/03/2015 at 1:58:54.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Lee\AppData\Roaming\mozilla\firefox\profiles\4nv1m69g.default-1409845280021\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 13/03/2015 at 2:08:53.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Ive also turned on system restore
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Heres the ComboFix log:
    ComboFix 15-03-09.01 - Lee 13/03/2015 4:52.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16274.13073 [GMT 0:00]
    Running from: c:\users\Lee\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
    SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Lee\AppData\Roaming\dvdae
    c:\users\Lee\AppData\Roaming\dvdae\dvdae.config
    c:\users\Lee\AppData\Roaming\dvdae\dvdae.lic
    c:\windows\Temp\log.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-13 to 2015-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-13 04:57 . 2015-03-13 04:57 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2015-03-13 04:57 . 2015-03-13 04:57 -------- d-----w- c:\users\Lee\AppData\Local\temp
    2015-03-13 04:57 . 2015-03-13 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-13 01:22 . 2015-03-13 01:22 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-03-13 01:22 . 2015-03-13 01:30 -------- d-----w- c:\programdata\RogueKiller
    2015-03-10 19:46 . 2015-03-10 19:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2015-03-10 19:46 . 2015-03-10 19:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2015-03-10 06:45 . 2015-03-12 15:26 -------- d-----w- c:\program files\Vuze - Copy
    2015-03-10 06:38 . 2015-03-10 06:37 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2015-03-10 06:37 . 2015-03-10 06:37 -------- d-----w- c:\program files\Java
    2015-03-10 05:53 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9482072B-AF74-4CBB-BD23-B21B371770EF}\mpengine.dll
    2015-03-10 05:50 . 2015-03-13 01:53 -------- d-----w- c:\users\Lee\AppData\Local\ElevatedDiagnostics
    2015-03-10 05:49 . 2015-03-10 05:49 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-03-10 05:49 . 2015-03-10 05:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-03-09 01:14 . 2015-03-09 01:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-03-09 01:14 . 2015-03-09 01:14 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-03-08 06:29 . 2015-03-08 06:29 -------- d-----w- C:\WMSDK
    2015-03-07 20:22 . 2009-07-14 01:14 8704 ----a-w- c:\windows\SysWow64\ctfmon.exe.backup
    2015-03-07 00:50 . 2015-03-07 00:50 -------- d-----w- c:\users\Administrator
    2015-03-06 01:22 . 2015-03-06 01:25 285208 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2015-02-28 20:43 . 2015-02-28 20:43 -------- d-----w- c:\programdata\Adobe Systems
    2015-02-28 20:42 . 2015-02-28 20:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
    2015-02-28 20:21 . 2015-02-28 20:21 -------- d-----w- c:\users\Lee\MCS
    2015-02-19 16:43 . 2015-02-19 16:43 -------- d-----w- c:\users\Lee\AppData\Roaming\PDFlite
    2015-02-12 15:14 . 2015-02-12 15:33 -------- d---a-w- c:\program files (x86)\auCDtect Task Manager
    2015-02-11 16:13 . 2015-02-11 16:13 950272 ----a-w- c:\windows\system32\perftrack.dll
    2015-02-11 16:13 . 2015-02-11 16:13 29696 ----a-w- c:\windows\system32\powertracker.dll
    2015-02-11 16:13 . 2015-02-11 16:13 91136 ----a-w- c:\windows\system32\wdi.dll
    2015-02-11 16:13 . 2015-02-11 16:13 76800 ----a-w- c:\windows\SysWow64\wdi.dll
    2015-02-11 14:51 . 2015-02-11 14:51 894976 ----a-w- c:\windows\system32\appraiser.dll
    2015-02-11 14:51 . 2015-02-11 14:51 762368 ----a-w- c:\windows\system32\invagent.dll
    2015-02-11 14:51 . 2015-02-11 14:51 609280 ----a-w- c:\windows\system32\generaltel.dll
    2015-02-11 14:51 . 2015-02-11 14:51 414720 ----a-w- c:\windows\system32\devinv.dll
    2015-02-11 14:51 . 2015-02-11 14:51 227328 ----a-w- c:\windows\system32\aepdu.dll
    2015-02-11 14:51 . 2015-02-11 14:51 192000 ----a-w- c:\windows\system32\aepic.dll
    2015-02-11 14:51 . 2015-02-11 14:51 1239720 ----a-w- c:\windows\system32\aitstatic.exe
    2015-02-11 14:51 . 2015-02-11 14:51 1098752 ----a-w- c:\windows\system32\aeinv.dll
    2015-02-11 14:51 . 2015-02-11 14:51 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2015-02-11 14:51 . 2015-02-11 14:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2015-02-11 14:51 . 2015-02-11 14:51 406528 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-11 14:51 . 2015-02-11 14:51 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-13 04:35 . 2014-03-30 15:03 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-03-07 22:36 . 2013-06-06 22:00 122905848 ----a-w- c:\windows\system32\MRT.exe
    2015-03-07 20:22 . 2009-07-13 23:26 24064 ----a-w- c:\windows\SysWow64\ctfmon.exe
    2015-03-07 00:01 . 2013-06-06 21:07 295552 ------w- c:\windows\system32\MpSigStub.exe
    2015-03-06 22:57 . 2014-03-30 15:03 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-03-06 22:57 . 2014-03-30 15:03 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-03-06 22:57 . 2014-03-30 15:03 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-03-05 06:29 . 2013-11-11 20:42 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2015-02-08 07:33 . 2013-06-10 22:37 47616 ----a-w- c:\windows\SysWow64\ff_acm.acm
    2015-02-08 07:33 . 2013-06-10 22:37 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2015-02-01 06:41 . 2015-02-01 06:41 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2015-01-31 20:25 . 2015-01-31 20:25 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
    2015-01-31 01:04 . 2015-01-31 01:04 892928 ----a-w- c:\windows\SysWow64\iconv.dll
    2015-01-31 01:04 . 2015-01-31 01:04 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
    2015-01-31 01:04 . 2015-01-31 01:04 496640 ----a-w- c:\windows\SysWow64\xvid.ax
    2015-01-31 01:04 . 2015-01-31 01:04 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio5.sys
    2015-01-31 01:04 . 2015-01-31 01:04 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio4.sys
    2015-01-31 01:04 . 2015-01-31 01:04 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio3.sys
    2015-01-31 01:04 . 2015-01-31 01:04 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio2.sys
    2015-01-31 01:04 . 2015-01-31 01:04 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio1.sys
    2015-01-30 12:27 . 2014-04-16 21:12 45880 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2015-01-30 12:27 . 2014-04-16 21:12 104608 ----a-w- c:\windows\system32\drivers\inspect.sys
    2015-01-30 12:27 . 2014-04-16 21:12 792648 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2015-01-30 12:27 . 2014-04-16 21:12 20184 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2015-01-30 12:27 . 2014-03-25 19:22 40736 ----a-w- c:\windows\system32\cmdcsr.dll
    2015-01-30 12:27 . 2014-03-25 19:22 386768 ----a-w- c:\windows\SysWow64\guard32.dll
    2015-01-30 12:27 . 2014-03-25 19:22 481576 ----a-w- c:\windows\system32\guard64.dll
    2015-01-30 12:27 . 2014-03-25 19:22 354520 ----a-w- c:\windows\system32\cmdvrt64.dll
    2015-01-30 12:27 . 2014-03-25 19:22 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
    2015-01-30 12:27 . 2014-03-25 19:22 286424 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
    2015-01-30 12:27 . 2014-03-25 19:22 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
    2015-01-14 03:52 . 2015-01-14 03:52 210432 ----a-w- c:\windows\system32\profsvc.dll
    2015-01-14 03:52 . 2015-01-14 03:52 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2015-01-14 03:52 . 2015-01-14 03:52 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2015-01-14 03:52 . 2015-01-14 03:52 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2015-01-14 03:52 . 2015-01-14 03:52 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2015-01-14 03:52 . 2015-01-14 03:52 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-01-01 19:52 . 2009-08-13 22:10 73984 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2015-01-01 19:52 . 2009-07-30 22:46 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
    2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2014-12-20 22:31 . 2014-12-20 22:31 40344 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2014-12-18 22:31 . 2014-12-18 22:31 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
    2014-12-18 14:27 . 2014-12-18 14:27 82432 ----a-w- c:\users\Lee\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
    2014-12-18 14:27 . 2014-12-18 14:27 1275392 ----a-w- c:\users\Lee\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
    2014-12-17 22:46 . 2013-06-06 21:15 6656 ----a-w- c:\windows\system32\lpcio.dll
    2014-12-16 14:12 . 2014-12-16 14:12 44544 ----a-w- c:\users\Lee\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2015-03-07 20:22 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] .. c:\windows\SysWOW64\ctfmon.exe
    [7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2009-03-13 1832448]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-06-11 109784]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2015-01-03 75624]
    "Akamai NetSession Interface"="c:\users\Lee\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2015-02-01 4101576]
    "PowerDVD14Agent"="c:\program files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" [2014-11-04 795672]
    "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-10 335232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
    R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
    R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 dvdfabio;dvdfabio;c:\windows\system32\drivers\dvdfabio.sys;c:\windows\SYSNATIVE\drivers\dvdfabio.sys [x]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
    S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
    S2 {C5F942FD-1110-4664-86CE-0C6BDA305235};Power Control [2014/12/03 02:00];c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [x]
    S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe;c:\program files (x86)\DU Meter\DUMeterSvc.exe [x]
    S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 ALSysIO;ALSysIO;c:\temp\ALSysIO64.sys;c:\temp\ALSysIO64.sys [x]
    S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS;c:\program files (x86)\DU Meter\DUMETR64.SYS [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys;c:\windows\SYSNATIVE\DRIVERS\vdrive.sys [x]
    S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
    S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
    S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
    S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
    S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-03-12 19:25 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 21:38]
    .
    2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 21:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2013-04-30 57928]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-02-04 1297624]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    TCP: Interfaces\{7258CE01-B786-4EA8-B17F-96D63D4FD556}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\
    FF - prefs.js: browser.startup.homepage - hxxp://news.sky.com/
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    AddRemove-dBpoweramp - c:\windows\system32\SpoonUninstall.exe
    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
    AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
    "ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C5F942FD-1110-4664-86CE-0C6BDA305235}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
    "v5Licence0"="15-5S4H-NNE7-9T31-SDYA-7EM4-HH8VUVW"
    "Activated"="N"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    Completion time: 2015-03-13 05:05:25
    ComboFix-quarantined-files.txt 2015-03-13 05:05
    .
    Pre-Run: 70,163,976,192 bytes free
    Post-Run: 71,182,893,056 bytes free
    .
    - - End Of File - - 7B83F37F496F4115E38D65B79705B47D
    B1F7D7F6E4FBE98E578562A22A94D02C
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run Farbar Recovery Scan Tool (FRST) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  13. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Lee (administrator) on LEE-PC on 13-03-2015 22:11:10
    Running from C:\Users\Lee\Desktop
    Loaded Profiles: Lee (Available profiles: Lee & LogMeInRemoteUser & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
    (Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    (Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeter.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Akamai Technologies, Inc.) C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Akamai Technologies, Inc.) C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Azureus Software, Inc) C:\Program Files\Vuze - Copy\Azureus.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Farbar) C:\Users\Lee\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-04] (COMODO)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-02-01] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-10] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [1832448 2015-01-30] (Hagel Technologies Ltd.)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-06-11] (Siber Systems)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Lee\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    BootExecute: sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2009-03-13] (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2009-03-13] (Siber Systems Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2009-03-13] (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2009-03-13] (Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2009-03-13] (Siber Systems Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{7258CE01-B786-4EA8-B17F-96D63D4FD556}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021
    FF DefaultSearchEngine: Google UK
    FF Homepage: hxxp://news.sky.com/
    FF NetworkProxy: "no_proxies_on", ""
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-09] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-06] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @sview.ru/sView -> C:\Program Files\sView\amd64\npStBrowserPlugin.dll [2014-03-01] ()
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-09] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-06] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
    FF Plugin-x32: @sview.ru/sView -> C:\Program Files\sView\npStBrowserPlugin.dll [2014-03-01] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2617431701-2952813283-2152824867-1000: @hola.org/vlc,version=1.6.256 -> C:\Users\Lee\AppData\Local\Hola\firefox\app\vlc No File
    FF Plugin HKU\S-1-5-21-2617431701-2952813283-2152824867-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
    FF SearchPlugin: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\searchplugins\d568b61e-ff95-47ff-89aa-3551e83792fb.xml [2014-12-07]
    FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\elemhidehelper@adblockplus.org.xpi [2014-09-04]
    FF Extension: Ghostery - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\firefox@ghostery.com.xpi [2014-09-04]
    FF Extension: The Camelizer - Price Tracker - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\izer@camelcamelcamel.com.xpi [2014-09-12]
    FF Extension: Google Translator for Firefox - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\translator@zoli.bod.xpi [2014-10-07]
    FF Extension: Adblock Plus Filter Uploader - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\uploader@adblockfilters.mozdev.org.xpi [2014-09-04]
    FF Extension: All-in-One Sidebar - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-09-04]
    FF Extension: ScrapBook - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-09-18]
    FF Extension: Adblock Plus - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\4nv1m69g.default-1409845280021\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-04]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-06-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-06-07]
    FF HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
    CHR DefaultSearchKeyword: Default -> search.conduit.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (SumatraPDF Browser Plugin) - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-31]
    CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-31]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
    CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-31]
    CHR Extension: (Webpage Screenshot) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-05-20]
    CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-31]
    CHR Extension: (Logitech SetPoint) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-07-31]
    CHR Extension: (Google Wallet) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
    CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-31]
    CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-28] (Adobe Systems) [File not signed]
    S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2015-01-03] (Alcohol Soft Development Team)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-04] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-04] (COMODO)
    R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
    R2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [1062912 2015-01-30] (Hagel Technologies Ltd.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-08-12] (LogMeIn, Inc.)
    S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-08-12] (LogMeIn, Inc.)
    S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-06] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-03-06] (Malwarebytes Corporation)
    S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-02-01] (Safer-Networking Ltd.)
    S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-02-01] (Safer-Networking Ltd.)
    S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-02-01] (Safer-Networking Ltd.)
    R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2015-01-03] (StarWind Software) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
    S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20968 2015-03-13] (Hagel Technologies Ltd.) [File not signed]
    R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [12704 2014-08-29] (DVDFab Software)
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2014-10-14] ()
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-04-25] ()
    S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
    S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
    S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
    S4 LMIRfsClientNP; No ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-06] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-06] (Malwarebytes Corporation)
    R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-13] ()
    R3 vdrive; C:\Windows\System32\DRIVERS\vdrive.sys [44960 2014-08-29] (DVDFab Software)
    R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2015-01-31] (Wondershare)
    R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2015-01-31] (Wondershare)
    R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)
    R3 ALSysIO; \??\C:\TEMP\ALSysIO64.sys [X]
    S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
    S1 ArcSec; system32\drivers\ArcSec.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  14. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-13 17:54 - 2015-03-13 20:48 - 00000224 _____ () C:\Windows\setupact.log
    2015-03-13 17:54 - 2015-03-13 17:54 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-13 16:23 - 2015-03-13 16:23 - 00001624 _____ () C:\Users\Public\Desktop\Vuze.lnk
    2015-03-13 16:23 - 2015-03-13 16:23 - 00001624 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
    2015-03-13 16:23 - 2015-03-13 16:23 - 00000000 ____D () C:\Program Files\Vuze
    2015-03-13 05:05 - 2015-03-13 05:05 - 00025921 _____ () C:\ComboFix.txt
    2015-03-13 04:51 - 2015-03-13 05:05 - 00000000 ____D () C:\ComboFix
    2015-03-13 04:51 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-13 04:51 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-13 04:51 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-13 04:51 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-13 04:51 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-13 04:51 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-13 04:51 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-13 04:51 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-13 04:47 - 2015-03-13 04:47 - 05613296 ____R (Swearware) C:\Users\Lee\Desktop\ComboFix.exe
    2015-03-13 04:40 - 2015-03-13 05:05 - 00000000 ____D () C:\Qoobox
    2015-03-13 04:40 - 2015-03-13 05:03 - 00000000 ____D () C:\Windows\erdnt
    2015-03-13 02:08 - 2015-03-13 02:08 - 00000823 _____ () C:\Users\Lee\Desktop\JRT.txt
    2015-03-13 01:57 - 2015-03-13 01:57 - 00003011 _____ () C:\Users\Lee\Desktop\AdwCleaner[S8].txt
    2015-03-13 01:51 - 2015-03-13 01:51 - 01388333 _____ (Thisisu) C:\Users\Lee\Desktop\JRT.exe
    2015-03-13 01:50 - 2015-03-13 01:50 - 02171392 _____ () C:\Users\Lee\Desktop\adwcleaner_4.112.exe
    2015-03-13 01:48 - 2015-03-13 02:47 - 00001045 _____ () C:\Users\Lee\Desktop\mb.txt
    2015-03-13 01:30 - 2015-03-13 01:30 - 00008451 _____ () C:\Users\Lee\Desktop\RKreport_DEL_03132015_012915.log
    2015-03-13 01:22 - 2015-03-13 01:30 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-13 01:22 - 2015-03-13 01:22 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-13 01:19 - 2015-03-13 01:19 - 15632984 _____ () C:\Users\Lee\Desktop\RogueKiller.exe
    2015-03-13 00:05 - 2015-03-13 00:05 - 00063806 _____ () C:\Users\Lee\Desktop\Addition.txt
    2015-03-13 00:04 - 2015-03-13 22:11 - 00024398 _____ () C:\Users\Lee\Desktop\FRST.txt
    2015-03-13 00:02 - 2015-03-13 00:02 - 02095616 _____ (Farbar) C:\Users\Lee\Desktop\FRST64(1).exe
    2015-03-12 15:38 - 2015-03-12 15:38 - 00001424 _____ () C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-03-10 19:48 - 2015-03-10 19:48 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-10 19:48 - 2015-03-10 19:48 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-10 19:48 - 2015-03-10 19:48 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-10 19:48 - 2015-03-10 19:48 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-10 19:48 - 2015-03-10 19:48 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-10 19:48 - 2015-03-10 19:48 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-10 19:48 - 2015-03-10 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-10 19:48 - 2015-03-10 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-10 19:48 - 2015-03-10 19:48 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-10 19:48 - 2015-03-10 19:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-10 19:48 - 2015-03-10 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-10 19:48 - 2015-03-10 19:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-10 19:48 - 2015-02-20 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-10 19:48 - 2015-02-20 02:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-10 19:46 - 2015-03-10 19:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-10 19:46 - 2015-03-10 19:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-10 17:55 - 2015-03-10 17:55 - 00001401 _____ () C:\Users\Lee\Desktop\Azureus copy.lnk
    2015-03-10 06:45 - 2015-03-13 16:22 - 00000000 ____D () C:\Program Files\Vuze - Copy
    2015-03-10 06:38 - 2015-03-10 06:37 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-03-10 06:37 - 2015-03-10 06:37 - 00000000 ____D () C:\Program Files\Java
    2015-03-10 05:50 - 2015-03-10 05:50 - 00002924 _____ () C:\Windows\System32\Tasks\{2B90FF94-BD6D-462B-BDAC-5AB4E4373D68}
    2015-03-10 05:49 - 2015-03-10 05:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-03-10 05:48 - 2015-03-10 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2015-03-10 05:48 - 2015-03-10 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-03-09 01:14 - 2015-03-09 01:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-09 01:14 - 2015-03-09 01:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-08 15:47 - 2015-03-08 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Samsung
    2015-03-08 15:47 - 2015-03-08 15:47 - 00000000 ____D () C:\Users\Administrator\Documents\SelfMV
    2015-03-08 15:47 - 2015-03-08 15:47 - 00000000 ____D () C:\Users\Administrator\Documents\samsung
    2015-03-08 06:29 - 2015-03-08 06:29 - 00000000 ____D () C:\WMSDK
    2015-03-07 20:22 - 2009-07-14 01:14 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ctfmon.exe.backup
    2015-03-07 17:23 - 2015-03-07 17:23 - 00028166 _____ () C:\Users\Lee\Documents\cc_20150307_172326.reg
    2015-03-07 17:23 - 2015-03-07 17:23 - 00006028 _____ () C:\Users\Lee\Documents\cc_20150307_172340.reg
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Logitech
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2015-03-07 00:50 - 2015-03-07 00:50 - 00000000 ____D () C:\Users\Administrator
    2015-03-07 00:50 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-07 00:50 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-03-07 00:24 - 2015-03-07 00:24 - 00012675 _____ () C:\Users\Lee\Desktop\hijackthis.log
    2015-03-06 21:02 - 2015-03-06 21:02 - 00023301 _____ () C:\Users\Lee\Desktop\dds.txt
    2015-03-06 21:02 - 2015-03-06 21:02 - 00007174 _____ () C:\Users\Lee\Desktop\attach.txt
    2015-03-06 01:22 - 2015-03-06 01:25 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2015-03-05 06:30 - 2015-03-05 06:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2015-03-05 06:30 - 2015-03-05 06:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2015-03-05 06:30 - 2015-03-05 06:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-03-05 06:30 - 2015-03-05 06:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-03-05 06:30 - 2015-03-05 06:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2015-03-05 06:30 - 2015-03-05 06:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2015-03-05 06:30 - 2015-03-05 06:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2015-03-05 06:30 - 2015-03-05 06:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-03-05 06:30 - 2015-03-05 06:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-02-28 20:43 - 2015-02-28 20:43 - 00000000 ____D () C:\ProgramData\Adobe Systems
    2015-02-28 20:42 - 2015-02-28 20:42 - 00002032 _____ () C:\Users\Public\Desktop\Adobe Audition 3.0.lnk
    2015-02-28 20:21 - 2015-02-28 20:21 - 00000000 ____D () C:\Users\Lee\MCS
    2015-02-28 20:21 - 2015-02-28 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aaronia AG
    2015-02-28 16:13 - 2015-02-28 16:13 - 00036356 _____ () C:\Users\Lee\Documents\cc_20150228_161312.reg
    2015-02-26 16:54 - 2015-03-06 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-25 14:33 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-25 14:33 - 2015-01-08 23:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-23 21:31 - 2015-02-23 21:59 - 00000000 ____D () C:\Users\Lee\Desktop\New folder (6)
    2015-02-19 16:43 - 2015-02-19 16:43 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\PDFlite
    2015-02-12 15:33 - 2015-02-12 15:33 - 00001687 _____ () C:\Users\Lee\Desktop\auCDtectTaskManager.exe - Shortcut.lnk
    2015-02-12 15:14 - 2015-02-12 15:33 - 00000000 ____D () C:\Program Files (x86)\auCDtect Task Manager
    2015-02-11 16:13 - 2015-02-11 16:13 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-11 16:13 - 2015-02-11 16:13 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-11 16:13 - 2015-02-11 16:13 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-11 16:13 - 2015-02-11 16:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 14:51 - 2015-02-11 14:51 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 14:51 - 2015-02-11 14:51 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-13 22:11 - 2015-01-30 17:04 - 00000000 ____D () C:\FRST
    2015-03-13 22:11 - 2014-08-22 20:16 - 00000000 ____D () C:\TEMP
    2015-03-13 22:08 - 2013-06-06 22:35 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Azureus
    2015-03-13 22:06 - 2014-05-05 00:30 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
    2015-03-13 21:25 - 2013-07-31 21:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-13 16:52 - 2013-06-06 20:08 - 01511366 _____ () C:\Windows\WindowsUpdate.log
    2015-03-13 16:33 - 2009-07-14 04:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-13 16:33 - 2009-07-14 04:45 - 00025232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-13 16:31 - 2009-07-14 05:13 - 00902586 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-13 16:28 - 2013-07-15 19:27 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\uTorrent
    2015-03-13 16:27 - 2013-06-07 05:04 - 00000000 ____D () C:\Windows\Panther
    2015-03-13 16:26 - 2013-07-31 21:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-13 16:26 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-13 06:26 - 2013-07-04 15:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
    2015-03-13 06:26 - 2013-07-04 15:50 - 00000000 ____D () C:\Program Files (x86)\DU Meter
    2015-03-13 06:21 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-03-13 05:05 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
    2015-03-13 05:03 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-13 04:35 - 2014-03-30 15:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-13 02:46 - 2014-03-30 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-13 01:55 - 2014-08-22 13:10 - 00000000 ____D () C:\AdwCleaner
    2015-03-13 01:53 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-13 01:31 - 2013-08-12 04:14 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-03-12 19:26 - 2013-07-31 21:38 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-12 16:01 - 2013-07-16 13:38 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\foobar2000
    2015-03-11 00:38 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-10 19:54 - 2014-08-23 19:56 - 00000000 ___RD () C:\Users\Lee\Virtual Machines
    2015-03-10 19:54 - 2009-07-14 04:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-03-10 19:53 - 2009-07-14 04:45 - 00296248 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-10 19:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-10 19:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-10 17:51 - 2013-05-23 21:26 - 00007265 _____ () C:\Users\Lee\Desktop\BOX.txt
    2015-03-10 06:32 - 2014-12-10 14:52 - 00002094 _____ () C:\Users\Public\Desktop\Data Migration.lnk
    2015-03-10 05:48 - 2013-06-18 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-03-10 05:15 - 2013-10-20 05:19 - 00000000 ____D () C:\ProgramData\Oracle
    2015-03-09 16:21 - 2013-06-19 21:31 - 00000000 ____D () C:\Program Files (x86)\!! StaxRip_1.1.8.0
    2015-03-09 01:49 - 2015-01-31 02:06 - 00000000 ____D () C:\Users\Lee\.get_iplayer
    2015-03-08 05:31 - 2014-10-21 03:33 - 00001980 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
    2015-03-08 05:31 - 2013-11-15 18:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
    2015-03-08 01:31 - 2014-10-28 14:18 - 00000040 ___SH () C:\ProgramData\.zreglib
    2015-03-07 22:40 - 2013-07-09 22:03 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-07 22:36 - 2013-06-06 22:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-07 20:29 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-07 20:29 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-03-07 20:22 - 2009-07-13 23:26 - 00024064 _____ (Gerhard Schlager) C:\Windows\SysWOW64\ctfmon.exe
    2015-03-07 17:21 - 2015-02-01 06:25 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2015-03-07 17:21 - 2014-05-25 06:14 - 00000000 ____D () C:\Program Files (x86)\R-Linux
    2015-03-07 17:20 - 2014-11-30 22:35 - 00000000 ____D () C:\Program Files (x86)\HDD Regenerator
    2015-03-07 17:18 - 2014-12-21 17:07 - 00000000 ____D () C:\Program Files (x86)\Nero
    2015-03-07 01:22 - 2013-07-13 16:25 - 00000000 ____D () C:\ProgramData\ArcSoft
    2015-03-07 00:19 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\Offline Web Pages
    2015-03-07 00:01 - 2013-06-06 21:07 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-06 23:55 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-03-06 22:57 - 2014-03-30 15:03 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-06 22:57 - 2014-03-30 15:03 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-06 22:57 - 2014-03-30 15:03 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-06 22:57 - 2014-03-30 15:03 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-06 22:57 - 2014-03-30 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-06 20:44 - 2014-08-22 15:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-05 22:25 - 2015-02-01 06:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-03-05 06:29 - 2013-11-11 20:42 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2015-03-03 06:20 - 2013-06-11 23:18 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\vlc
    2015-03-02 19:59 - 2015-01-31 02:16 - 00000245 _____ () C:\Users\Lee\.swfinfo
    2015-02-28 20:44 - 2013-06-06 22:19 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Adobe
    2015-02-28 20:42 - 2014-01-26 01:36 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
    2015-02-28 20:42 - 2013-09-08 16:49 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-28 20:21 - 2013-06-06 20:09 - 00000000 ____D () C:\Users\Lee
    2015-02-28 20:03 - 2014-03-06 20:21 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\spek
    2015-02-28 16:12 - 2013-12-30 00:53 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\DAEMON Tools Lite
    2015-02-28 16:12 - 2013-06-07 15:25 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Media Player Classic
    2015-02-28 16:11 - 2013-08-15 11:24 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-28 16:11 - 2013-08-15 11:24 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-23 16:32 - 2013-06-22 11:47 - 00001112 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
    2015-02-22 04:49 - 2013-06-25 20:35 - 00000000 ____D () C:\Program Files (x86)\! BD Rebuilder
    2015-02-21 00:01 - 2013-07-18 01:46 - 00000000 ____D () C:\Users\Lee\AppData\Roaming\Mp3tag
    2015-02-19 16:41 - 2013-06-23 19:37 - 00001870 _____ () C:\Users\Public\Desktop\PDFlite.lnk
    2015-02-15 22:08 - 2014-10-28 22:25 - 00001956 _____ () C:\Users\Public\Desktop\MKVToolNix GUI preview.lnk
    2015-02-15 22:08 - 2013-06-22 11:23 - 00001873 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
    2015-02-14 15:35 - 2014-09-23 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
    2015-02-14 15:35 - 2014-09-23 17:31 - 00000000 ____D () C:\Program Files (x86)\LAV Filters
    2015-02-11 16:31 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-11 16:10 - 2014-12-10 06:25 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-11 16:10 - 2014-04-23 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

    ==================== Files in the root of some directories =======

    2013-11-01 22:47 - 2013-11-01 22:51 - 0000496 _____ () C:\Users\Lee\AppData\Roaming\UserMetrics.osl
    2014-12-18 02:10 - 2014-12-18 02:10 - 0031794 _____ () C:\Users\Lee\AppData\Local\13E5D428_stp.CIS
    2014-12-18 02:10 - 2014-12-18 02:10 - 0000289 _____ () C:\Users\Lee\AppData\Local\13E5D428_stp.CIS.part
    2014-12-18 02:10 - 2014-12-18 02:10 - 0382062 _____ () C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS
    2014-12-18 02:10 - 2014-12-18 02:10 - 0000220 _____ () C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS.part
    2015-03-06 17:48 - 2015-03-06 17:48 - 0000000 _____ () C:\Users\Lee\AppData\Local\ars.cache
    2015-03-06 17:48 - 2015-03-06 17:48 - 0363889 _____ () C:\Users\Lee\AppData\Local\census.cache
    2015-03-06 01:22 - 2015-03-06 01:22 - 0000036 _____ () C:\Users\Lee\AppData\Local\housecall.guid.cache
    2014-12-10 15:00 - 2014-12-10 15:00 - 0007605 _____ () C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
    2015-03-06 01:28 - 2015-03-06 01:28 - 0000010 _____ () C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
    2014-10-28 14:18 - 2015-03-08 01:31 - 0000040 ___SH () C:\ProgramData\.zreglib

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-05 00:56

    ==================== End Of Log ============================
     
  15. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Lee at 2015-03-13 22:11:25
    Running from C:\Users\Lee\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
    µTorrent (HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
    Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version: - )
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    AIDA64 Extreme v4.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.00 - FinalWire Ltd.)
    Aimersoft DRM Media Converter(Build 1.5.6.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
    Akamai NetSession Interface (HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Another EAC3to GUI (HKLM-x32\...\{01D4AA75-96C7-4C4C-8238-6BC51A00C39D}) (Version: 0.9.119 - ACD)
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.8.0 - SlySoft)
    ASIO Proxy for foobar2000 (HKLM-x32\...\ASIOProxy) (Version: 0.6.5 - Maxim V.Anisiutkin)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
    Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
    BDtoAVCHD 2.1.5 (HKLM-x32\...\{C47F57C7-C22C-4CB8-BD48-41FF039F7E1B}) (Version: 2.1.5 - Joel Gali)
    Bitrate Viewer 2.3 (HKLM-x32\...\Bitrate Viewer) (Version: 2.3 - EDV & Astro Service)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.83 - BitTorrent Inc.)
    BlackVue HD (HKLM-x32\...\BlackVueHD) (Version: - )
    BleachBit (HKLM-x32\...\BleachBit) (Version: 1.6 - BleachBit)
    Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
    Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
    Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
    ClickRepair 3.9.1 and ClickRepairRT 1.3 (HKLM-x32\...\ClickRepair_is1) (Version: - Caloundra Audio Restoration)
    COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.345 - Corel Corporation)
    Corel PaintShop Pro X4 (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    CPUID HWMonitor Pro 1.16 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
    CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
    CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
    dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.1 - Illustrate)
    dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
    Disk Check 1.2 (HKLM\...\Disk Check_is1) (Version: - Puran Software)
    DiskInternals EFS Recovery (HKLM-x32\...\DiskInternals EFS Recovery) (Version: 2.3 - DiskInternals Research)
    Dreambox Config Creator v0.9.5 (HKLM-x32\...\{32981E26-6257-4F24-BDFB-80928C9119A8}) (Version: 0.9.5 - B16MCC)
    DreamboxUK Services Database (HKLM-x32\...\{4925E437-A7DF-44FB-AD9D-5095A32382B8}) (Version: 3.0.0 - DreamboxUK)
    DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 6.20 - Hagel Technologies Ltd.)
    Duplicate Cleaner Pro 3.2.4 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.4 - DigitalVolcano Software Ltd)
    DVD Audio Extractor 7.2.0 (HKLM-x32\...\DVD Audio Extractor_is1) (Version: - Computer Application Studio)
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    DVD Rebuilder (HKLM-x32\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.28.2 - jdobbs softworks and rockas association)
    DVDFab Virtual Drive (HKLM\...\DVDFab Virtual Drive_is1) (Version: 1.5.1.1 - Fengtao Software Inc.)
    EaseUS Data Recovery Wizard 6.1 (HKLM-x32\...\EaseUS Data Recovery Wizard 6.1_is1) (Version: - EaseUS)
    EncSpot Basic 2.0 (HKLM-x32\...\EncSpot Basic_is1) (Version: - GuerillaSoft)
    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
    ffdshow v1.3.4504 [2013-03-12] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4504.0 - )
    FLAC Frontend (HKLM-x32\...\{315E5E8B-0560-413A-B604-622A4C8BECBD}) (Version: 2.1.1 - Xiph.org)
    foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
    FreeFileSync 6.12 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.12 - www.FreeFileSync.org)
    get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - )
    ICA (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Network Connections 18.3.72.0 (HKLM\...\PROSetDX) (Version: 18.3.72.0 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    IPM_PSP_COM (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java SE Development Kit 8 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
    Kernel Outlook PST Viewer ver 11.05.01 (HKLM-x32\...\Kernel Outlook PST Viewer_is1) (Version: - Lepide Software Pvt. Ltd.)
    LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
    Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
    LogMeIn (HKLM-x32\...\{B27B646E-76EA-4412-91D8-A4DFDA8AD152}) (Version: 4.1.3256 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
    MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
    MKV Chapterizer (HKLM-x32\...\MKV Chapterizer) (Version: - Fredrik Blomqvist)
    MKVToolNix 7.6.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.6.0 - Moritz Bunkus)
    Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version: - )
    Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    Mp3tag v2.64 (HKLM-x32\...\Mp3tag) (Version: v2.64 - Florian Heidenreich)
    mp4UI (HKLM-x32\...\mp4UI) (Version: - )
    MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
    MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
    OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
    PDFlite 2.0.0.0 (HKLM-x32\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
    PSPPContent (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    PSPPro64 (Version: 14.0.0.345 - Corel Corporation) Hidden
    Raise Data Recovery for Ext2/3/4, version 5.15.1 (HKLM-x32\...\Raise Data Recovery for Ext2/3/4_is1) (Version: 5.15.1 - LLC "SysDev Laboratories")
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    RoboForm 7-9-7-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
    Setup (x32 Version: 14.0.0.345 - Corel Corporation) Hidden
    Smart Cutter for DV and DVB (HKLM-x32\...\{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}) (Version: 1.00.0000 - FameRing)
    SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 4.0.1401.28) (Version: 4.0.1401.28 - Solveig Multimedia)
    Sony Noise Reduction Plug-In 2.0h (HKLM-x32\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
    Sound Forge Pro 10.0 (HKLM-x32\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
    Spek (HKLM-x32\...\{7CDF6754-F5A0-4F34-B589-197530FEF862}) (Version: 0.8.2 - Spek Project)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.2 - Erik Vullings)
    SurCode DVD-DTS (HKLM-x32\...\SurCode DVD-DTS) (Version: - )
    sView (version 14.2_30) (HKLM\...\sView_is1) (Version: - Kirill Gavrilov)
    SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
    System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
    Tau Analyzer (remove only) (HKLM-x32\...\Tau Analyzer) (Version: - )
    TMPGEnc MPEG Smart Renderer 4 (HKLM-x32\...\{41D9FD98-2F0A-41B7-9234-EF165E3E42B5}) (Version: 4.1.5.60 - Pegasys Inc.)
    Total Uninstall 5.10.0 (HKLM-x32\...\Total Uninstall 5_is1) (Version: 5.10.0 - )
    TSDoctor (HKLM-x32\...\{A7944F9C-E054-4DAB-97AB-9418EB3FEDFF}) (Version: 1.2.125 - Cypheros)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.0 beta1 - UltraDefrag Development Team)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VideoReDo TVSuite Version 4.21.6.674 (HKLM-x32\...\VideoReDo4_is1) (Version: - DRD Systems, Inc.)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    Vuze (HKLM-x32\...\8461-7759-5462-8226-1) (Version: 4.8.1.0 - Azureus Software, Inc.)
    WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\...\WinDirStat) (Version: - )
    Windows Surface Scanner 2.10 (HKLM-x32\...\Windows Surface Scanner 2.10) (Version: - )
    WinRAR 5.00 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.4 - win.rar GmbH)
    yabause 0.9.13 (HKLM-x32\...\ (Win64)) (Version: 0.9.13 - Yabause team)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2617431701-2952813283-2152824867-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    13-03-2015 04:38:12 combo
    13-03-2015 06:07:12 Windows Update
    13-03-2015 16:16:38 Removed Windows 7 USB/DVD Download Tool

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2015-03-13 06:17 - 00000235 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.dumeter.com
    127.0.0.1 dumeter.com
    127.0.0.1 www.hageltech.com
    127.0.0.1 hageltech.com
    127.0.0.1 www.dumeter.com
    127.0.0.1 dumeter.com
    127.0.0.1 www.hageltech.com
    127.0.0.1 hageltech.com


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00376EE5-306A-4165-980D-FA6731F5F09F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-04] (COMODO)
    Task: {0A4DEECC-E220-446F-9063-C0C92E20DA84} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_Lee => C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
    Task: {17AEC453-61E7-4616-B5C3-472199C65659} - System32\Tasks\Core Temp Autostart Lee => C:\Program Files\Core Temp\Core Temp.exe [2013-10-08] ()
    Task: {231274B1-2140-4DF9-8C4D-70CCA6C7DB34} - System32\Tasks\{EBCE1F7B-591D-4F2A-8C42-B806D02E0939} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: {3178CE0F-E97C-4A7A-BA26-3257E9675828} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {328C7112-74D5-4A85-91BC-D5B68195FD31} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {42E3159B-9C21-4247-9486-7DCE81759168} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {49713724-1BDC-42DC-B5A2-DDF6C5A967C4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {6003D4CA-7770-4EA6-BCAB-666836C72555} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31] (Google Inc.)
    Task: {66E51D79-60A8-4437-9067-6FAE14EB09B0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO)
    Task: {6F735468-4843-4861-BBF8-52C879B6DC2D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: {82F7380C-9D1B-4C27-AE27-C8F6E769E77E} - System32\Tasks\{4458729A-2C26-46DC-B36A-6B30431CB4DD} => pcalua.exe -a H:\Bv_v15054.exe -d H:\
    Task: {98F1C12B-86EB-48E7-A2CF-7609D71DBF45} - System32\Tasks\{2B90FF94-BD6D-462B-BDAC-5AB4E4373D68} => C:\Program Files\Vuze\Azureus.exe [2015-03-13] (Azureus Software, Inc)
    Task: {9C07B6AF-EFA2-431F-8473-1775725836BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {B19730D5-2C3E-4A3C-92E0-31CF294125F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31] (Google Inc.)
    Task: {B1CDC1B2-8E83-45C0-A294-75690FAF9F27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {B95384D2-DF79-47D7-9FB5-2523C635CA44} - System32\Tasks\{07224392-8460-49A2-9EF2-399520699431} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: {C4BDABBC-F71E-418C-ABEE-C9C19A9F89D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-28] (Piriform Ltd)
    Task: {CF8B175C-A8C8-4F28-80F2-515117721747} - System32\Tasks\{67F2308F-9874-4DF5-B8DC-59925F4E61C2} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: {DE5B5F5D-269B-463C-A4A1-5E805ED3B1EA} - System32\Tasks\{695555BD-C4CA-436F-9F40-E0FC87848796} => pcalua.exe -a "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29\Setup.exe" -d "H:\SOFTWARE\Surcode_MLP_Encoder_-_DVD_Pro_DTS_Encoder_1.0.29\Surcode DVD Pro DTS Encoder v1.0.29"
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-06-23 19:37 - 2005-03-11 18:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
    2010-07-15 04:44 - 2010-07-15 04:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-09-25 06:20 - 2014-09-25 06:20 - 00102400 _____ () C:\Users\Lee\AppData\Roaming\BitTorrent Sync\SyncShellContextMenu.dll
    2013-06-08 21:27 - 2013-10-08 12:23 - 00890016 _____ () C:\Program Files\Core Temp\Core Temp.exe
    2013-06-26 20:36 - 2013-06-26 20:36 - 00006144 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll
    2013-06-26 20:36 - 2013-06-26 20:36 - 00008704 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll
    2013-06-26 20:36 - 2013-06-26 20:36 - 00007680 _____ () C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll
    2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2013-07-04 15:50 - 2015-03-13 06:26 - 00166808 _____ () C:\Program Files (x86)\DU Meter\ssleay32.dll
    2013-07-04 15:50 - 2015-03-13 06:26 - 00846744 _____ () C:\Program Files (x86)\DU Meter\LIBEAY32.dll
    2013-07-04 15:50 - 2015-03-13 06:26 - 00846744 _____ () C:\Program Files (x86)\DU Meter\libeay32.dll
    2015-02-01 06:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-01 06:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-02-01 06:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-01-30 16:23 - 2015-01-30 16:23 - 00133120 _____ () C:\Users\Lee\AppData\Roaming\vhgbtkbb\colers.dll
    2014-12-10 14:44 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
    2013-06-06 20:49 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2015-03-10 06:45 - 2015-03-10 06:50 - 00053160 _____ () C:\Program Files\Vuze - Copy\aereg.dll
    2013-06-06 22:42 - 2013-06-26 05:17 - 00028160 _____ () C:\Users\Lee\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\autoexec.bat:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ac3filter.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ff_acm.acm:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ff_vfw.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iconv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xvid.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio1.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio2.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio3.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio4.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio5.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\xusb21.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:0888F409
    AlternateDataStreams: C:\ProgramData\Temp:3440EB47
    AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
    AlternateDataStreams: C:\ProgramData\Temp:66633281
    AlternateDataStreams: C:\ProgramData\Temp:B755D674
    AlternateDataStreams: C:\Users\Lee\Desktop\adwcleaner_4.112.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\BNYB.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\FRST64(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\RogueKiller.exe:$CmdTcID
     
  16. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: CyberLink PowerDVD 13 Media Server Monitor Service => 2
    MSCONFIG\Services: CyberLink PowerDVD 13 Media Server Service => 2
    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    MSCONFIG\startupreg: PowerDVD14Agent => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2617431701-2952813283-2152824867-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-2617431701-2952813283-2152824867-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2617431701-2952813283-2152824867-1002 - Limited - Enabled)
    Lee (S-1-5-21-2617431701-2952813283-2152824867-1000 - Administrator - Enabled) => C:\Users\Lee
    LogMeInRemoteUser (S-1-5-21-2617431701-2952813283-2152824867-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

    ==================== Faulty Device Manager Devices =============

    Name: ArcCtrl
    Description: ArcCtrl
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ArcCtrl
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: ArcSec
    Description: ArcSec
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ArcSec
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/13/2015 05:18:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Azureus.exe, version: 4.8.0.0, time stamp: 0x50a12bac
    Faulting module name: utp.dll, version: 0.0.0.0, time stamp: 0x4d3dad8e
    Exception code: 0xc0000409
    Fault offset: 0x000034be
    Faulting process id: 0x1498
    Faulting application start time: 0xAzureus.exe0
    Faulting application path: Azureus.exe1
    Faulting module path: Azureus.exe2
    Report Id: Azureus.exe3


    System errors:
    =============
    Error: (03/13/2015 04:31:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (03/13/2015 04:31:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (03/13/2015 04:31:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.


    Microsoft Office Sessions:
    =========================
    Error: (03/13/2015 05:18:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Azureus.exe4.8.0.050a12bacutp.dll0.0.0.04d3dad8ec0000409000034be149801d05db08507d5d2C:\Program Files\Vuze - Copy\Azureus.exeC:\Users\Lee\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll00c75e34-c9a5-11e4-a71e-94de80647f9f


    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-13 16:26:29.673
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 16:26:29.626
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 16:18:54.938
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 16:18:54.907
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 06:29:31.432
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 06:29:31.386
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 06:21:43.105
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 06:21:43.058
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 06:08:49.041
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-13 06:08:49.001
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\hardlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
    Percentage of memory in use: 38%
    Total physical RAM: 16274.14 MB
    Available physical RAM: 9940.01 MB
    Total Pagefile: 16472.33 MB
    Available Pagefile: 11958.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:111.79 GB) (Free:65.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA RAID) (Fixed) (Total:3725.9 GB) (Free:419.67 GB) NTFS
    Drive e: (GAMES) (Fixed) (Total:3725.9 GB) (Free:557.13 GB) NTFS
    Drive g: (MUSIC) (Fixed) (Total:4657.4 GB) (Free:225.48 GB) NTFS
    Drive h: (DOWNLOADS) (Fixed) (Total:3725.9 GB) (Free:128.11 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 111.8 GB) (Disk ID: 0CD55C8F)
    Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 5 (Size: 4657.5 GB) (Disk ID: 3FDC7B9D)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 6 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  18. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Lee at 2015-03-13 22:37:17 Run:1
    Running from C:\Users\Lee\Desktop
    Loaded Profiles: Lee (Available profiles: Lee & LogMeInRemoteUser & Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://ww.safetab.org/textresults.php?q={searchTerms}&full=1
    FF Plugin HKU\S-1-5-21-2617431701-2952813283-2152824867-1000: @hola.org/vlc,version=1.6.256 -> C:\Users\Lee\AppData\Local\Hola\firefox\app\vlc No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    S4 LMIRfsClientNP; No ImagePath
    R3 ALSysIO; \??\C:\TEMP\ALSysIO64.sys [X]
    S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
    S1 ArcSec; system32\drivers\ArcSec.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    2013-11-01 22:47 - 2013-11-01 22:51 - 0000496 _____ () C:\Users\Lee\AppData\Roaming\UserMetrics.osl
    2014-12-18 02:10 - 2014-12-18 02:10 - 0031794 _____ () C:\Users\Lee\AppData\Local\13E5D428_stp.CIS
    2014-12-18 02:10 - 2014-12-18 02:10 - 0000289 _____ () C:\Users\Lee\AppData\Local\13E5D428_stp.CIS.part
    2014-12-18 02:10 - 2014-12-18 02:10 - 0382062 _____ () C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS
    2014-12-18 02:10 - 2014-12-18 02:10 - 0000220 _____ () C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS.part
    2015-03-06 17:48 - 2015-03-06 17:48 - 0000000 _____ () C:\Users\Lee\AppData\Local\ars.cache
    2015-03-06 17:48 - 2015-03-06 17:48 - 0363889 _____ () C:\Users\Lee\AppData\Local\census.cache
    2015-03-06 01:22 - 2015-03-06 01:22 - 0000036 _____ () C:\Users\Lee\AppData\Local\housecall.guid.cache
    2014-12-10 15:00 - 2014-12-10 15:00 - 0007605 _____ () C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
    2015-03-06 01:28 - 2015-03-06 01:28 - 0000010 _____ () C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
    2014-10-28 14:18 - 2015-03-08 01:31 - 0000040 ___SH () C:\ProgramData\.zreglib
    AlternateDataStreams: C:\autoexec.bat:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ac3filter.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ff_acm.acm:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ff_vfw.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iconv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\xvid.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio1.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio2.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio3.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio4.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VirtualAudio5.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\xusb21.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:0888F409
    AlternateDataStreams: C:\ProgramData\Temp:3440EB47
    AlternateDataStreams: C:\ProgramData\Temp:4FC01C57
    AlternateDataStreams: C:\ProgramData\Temp:66633281
    AlternateDataStreams: C:\ProgramData\Temp:B755D674
    AlternateDataStreams: C:\Users\Lee\Desktop\adwcleaner_4.112.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\BNYB.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\FRST64(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Lee\Desktop\RogueKiller.exe:$CmdTcID

    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{721061fb-eb79-4568-a03c-3ce26d68dae9} => Key not found.
    "HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\MozillaPlugins\@hola.org/vlc,version=1.6.256" => Key deleted successfully.
    FF Plugin HKU\S-1-5-21-2617431701-2952813283-2152824867-1000: @hola.org/vlc,version=1.6.256 -> C:\Users\Lee\AppData\Local\Hola\firefox\app\vlc No File not found.
    C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
    C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll not found.
    C:\Windows\SysWOW64\npDeployJava1.dll not found.
    LMIRfsClientNP => Service deleted successfully.
    ALSysIO => Service stopped successfully.
    ALSysIO => Service deleted successfully.
    ArcCtrl => Service deleted successfully.
    ArcSec => Service deleted successfully.
    catchme => Service deleted successfully.
    dgderdrv => Service deleted successfully.
    nvlddmkm => Service deleted successfully.
    nvvad_WaveExtensible => Service deleted successfully.
    sptd => Service deleted successfully.
    VBoxNetFlt => Service deleted successfully.
    C:\Users\Lee\AppData\Roaming\UserMetrics.osl => Moved successfully.
    C:\Users\Lee\AppData\Local\13E5D428_stp.CIS => Moved successfully.
    C:\Users\Lee\AppData\Local\13E5D428_stp.CIS.part => Moved successfully.
    C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS => Moved successfully.
    C:\Users\Lee\AppData\Local\6AC3B58C_stp.CIS.part => Moved successfully.
    C:\Users\Lee\AppData\Local\ars.cache => Moved successfully.
    C:\Users\Lee\AppData\Local\census.cache => Moved successfully.
    C:\Users\Lee\AppData\Local\housecall.guid.cache => Moved successfully.
    C:\Users\Lee\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\Users\Lee\AppData\Local\sponge.last.runtime.cache => Moved successfully.
    C:\ProgramData\.zreglib => Moved successfully.
    "C:\autoexec.bat" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\aepdu.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\aepic.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\aitstatic.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\apisetschema.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\appidapi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\appidcertstorecheck.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\appidpolicyconverter.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\appidsvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\atmfd.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\audiodg.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AudioEng.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\AudioSes.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\blackbox.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\crypt32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\cryptnet.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\cryptsp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\cryptsvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\cryptui.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\csrsrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\dciman32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\devinv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\drmmgrtn.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\drmv2clt.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\dxmasf.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\EncDump.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\evr.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\fontsub.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\generaltel.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\iernonce.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\iesetup.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\IEUDINIT.EXE" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\invagent.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\lpk.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mf.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mferror.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mfplat.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mfpmp.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mfps.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msctf.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msdxm.ocx" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msmmsp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msnetobj.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msrating.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msscp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\oleaut32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\pcadm.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\pcaevts.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\pcalua.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\pcasvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\pcawrk.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\perftrack.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\powertracker.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\qdvd.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\quartz.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\rdpcorets.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\RdpGroupPolicyExtension.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\rdpudd.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\sdnclean64.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\setbcdlocale.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\shell32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\smss.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\spwmp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\ubpm.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\WdfCoInstaller01009.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wdi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\win32k.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\winload.efi" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\winload.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\winresume.efi" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wintrust.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wmdrmsdk.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wmp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\wmploc.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ac3filter.ax" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\apisetschema.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\appidapi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\AudioEng.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\AudioSes.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\blackbox.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\crypt32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\cryptnet.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\cryptsp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\cryptsvc.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\cryptui.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ctfmon.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\dciman32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\drmmgrtn.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\drmv2clt.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\dxmasf.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\evr.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ff_acm.acm" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ff_vfw.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\fontsub.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\iconv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\lpk.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mf.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mferror.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mfpmp.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msctf.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msdxm.ocx" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msnetobj.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msscp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\oleaut32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\quartz.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\rrinstaller.exe" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\shell32.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\spwmp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\ubpm.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wdi.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wintrust.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wmdrmsdk.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wmp.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\WMPhoto.dll" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\wmploc.DLL" => ":$CmdTcID" ADS not found.
    "C:\Windows\SysWOW64\xvid.ax" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\appid.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mountmgr.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\PEAuth.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\tmcomm.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\VirtualAudio1.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\VirtualAudio2.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\VirtualAudio3.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\VirtualAudio4.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\VirtualAudio5.sys" => ":$CmdTcID" ADS not found.
    "C:\Windows\system32\Drivers\xusb21.sys" => ":$CmdTcID" ADS not found.
    C:\ProgramData\Temp => ":0888F409" ADS removed successfully.
    C:\ProgramData\Temp => ":3440EB47" ADS removed successfully.
    C:\ProgramData\Temp => ":4FC01C57" ADS removed successfully.
    C:\ProgramData\Temp => ":66633281" ADS removed successfully.
    C:\ProgramData\Temp => ":B755D674" ADS removed successfully.
    "C:\Users\Lee\Desktop\adwcleaner_4.112.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Lee\Desktop\BNYB.pdf" => ":$CmdTcID" ADS not found.
    "C:\Users\Lee\Desktop\FRST64(1).exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Lee\Desktop\JRT.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Lee\Desktop\RogueKiller.exe" => ":$CmdTcID" ADS not found.

    ==== End of Fixlog 22:37:17 ====
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.98
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    COMODO Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Duplicate Cleaner Pro 3.2.4
    Java 8 Update 40
    Java SE Development Kit 8 Update 40
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Mozilla Firefox (36.0.1)
    Google Chrome (40.0.2214.115)
    Google Chrome (41.0.2272.89)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    Comodo Firewall cmdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 17-01-2015
    Ran by Lee (administrator) on 13-03-2015 at 22:49:08
    Running from "C:\Users\Lee\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is set to Disabled. The default start type is 3.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.


    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  21. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

  22. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    2015-03-14 05:05:27.898 Sophos Virus Removal Tool version 2.5.4
    2015-03-14 05:05:27.898 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-03-14 05:05:27.898 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-03-14 05:05:27.898 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-03-14 05:05:27.898 Checking for updates...
    2015-03-14 05:05:30.582 Update progress: proxy server not available
    2015-03-14 05:05:31.939 Update not required
    2015-03-14 05:05:32.781 Option all = no
    2015-03-14 05:05:32.781 Option recurse = yes
    2015-03-14 05:05:32.781 Option archive = no
    2015-03-14 05:05:32.781 Option service = yes
    2015-03-14 05:05:32.781 Option confirm = yes
    2015-03-14 05:05:32.781 Option sxl = yes
    2015-03-14 05:05:32.781 Option max-data-age = 35
    2015-03-14 05:05:32.781 Option EnableSafeClean = yes
    2015-03-14 05:05:32.828 Option vdl-logging = yes
    2015-03-14 05:05:32.828 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-03-14 05:05:32.828 Machine ID: 53111dcf2c6c42248ef6d2e046a1cbc2
    2015-03-14 05:05:32.906 Component SVRTcli.exe version 2.5.4
    2015-03-14 05:05:32.906 Component control.dll version 2.5.4
    2015-03-14 05:05:32.906 Component SVRTservice.exe version 2.5.4
    2015-03-14 05:05:32.906 Component engine\osdp.dll version 1.44.1.2183
    2015-03-14 05:05:32.906 Component engine\veex.dll version 3.58.3.2183
    2015-03-14 05:05:32.906 Component engine\savi.dll version 8.1.5.2183
    2015-03-14 05:05:32.906 Component rkdisk.dll version 1.5.30.0
    2015-03-14 05:05:32.906 Version info: Product version 2.5.4
    2015-03-14 05:05:32.906 Version info: Detection engine 3.58.3
    2015-03-14 05:05:32.906 Version info: Detection data 5.11G
    2015-03-14 05:05:32.906 Version info: Build date 03/02/2015
    2015-03-14 05:05:32.906 Version info: Data files added 397
    2015-03-14 05:05:32.906 Version info: Last successful update 14/03/2015 02:02:16

    2015-03-14 06:16:20.116 Could not open C:\Boot\BCD
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file C:\Program Files (x86)\MVC Player Free v0.0.2.3\MVCtoAVI.exe\Tools\MVC Player Free Demuxer\MVC Player Free Demuxer.exe
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2617431701-2952813283-2152824867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-14 06:27:31.291 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-03-14 06:31:29.301 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-14 06:31:29.301 Could not open C:\System Volume Information\{79c218f6-c9d2-11e4-a1df-94de80647f9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-03-14 06:45:53.356 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-03-14 06:45:53.356 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-03-14 06:45:55.384 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-03-14 06:45:55.384 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-03-14 06:45:55.384 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-03-14 06:45:55.400 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-03-14 06:45:55.400 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-03-14 07:38:40.462 The following items will be cleaned up:
    2015-03-14 07:38:40.462 Mal/Generic-S
     
  23. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    2015-03-14 15:53:42.143 Threat 'Mal/Generic-S' has been cleaned up.
    2015-03-14 15:53:42.143 File "C:\Program Files (x86)\MVC Player Free v0.0.2.3\MVCtoAVI.exe\Tools\MVC Player Free Demuxer\MVC Player Free Demuxer.exe" belongs to malware 'Mal/Generic-S'.
    2015-03-14 15:53:42.143 File "C:\Program Files (x86)\MVC Player Free v0.0.2.3\MVCtoAVI.exe\Tools\MVC Player Free Demuxer\MVC Player Free Demuxer.exe" has been cleaned up.
    2015-03-14 15:53:42.143 Removal successful
    2015-03-14 15:53:42.153 Contents of SafeClean bin directory:
    2015-03-14 15:53:42.153 {
    2015-03-14 15:53:42.153 RecordID : "0000000000000001",
    2015-03-14 15:53:42.153 ItemType : "1",
    2015-03-14 15:53:42.153 Location : "C:\Program Files (x86)\MVC Player Free v0.0.2.3\MVCtoAVI.exe\Tools\MVC Player Free Demuxer\",
    2015-03-14 15:53:42.153 FileName : "MVC Player Free Demuxer.exe",
    2015-03-14 15:53:42.153 ThreatName : "Mal/Generic-S",
    2015-03-14 15:53:42.153 Checksum : "7bd22f8a0b2ffe153549cb32669da56918193961a057ea95308a250674ee9b12",
    2015-03-14 15:53:42.153 TimeStamp : "Sat Mar 14 15:53:38 2015"
    2015-03-14 15:53:42.153 }
    2015-03-14 15:53:42.603 Error level 0
     
  24. cossie96

    cossie96 TS Rookie Topic Starter Posts: 21

    I have a major problem after using Sophos and rebooting. My C drive is not accessible, I cant access the drive or anything on it, even system restore.
    When I right click C drive and goto owner it says "Unable to display current owner." and I cant take ownership of it.

    In safemode I can access it.

    Any ideas?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...