TechSpot

"Name Not available" in Volume Mixer

By David Armstrong
Feb 29, 2016
  1. I've been doing some reading online about this one and most of the instructions seem to be vague or inaccurate.

    I was following the instructions provided in "http://www.techspot.com/community/topics/name-not-available-in-audio-mixer.199084/" but figured it might be a better idea to post properly. I am running Microsoft Security Essentials and have run a Malwarebytes scan (found 2 things, nothing major) and RogueKiller (Found a few registry entries, 6, all related)

    Logs from the scan just done with Farbar.

    Thanks for your help.
     
  2. David Armstrong

    David Armstrong TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
    Ran by DADMIN (administrator) on BEASTLY (29-02-2016 15:16:23)
    Running from C:\Users\DADMIN\Downloads
    Loaded Profiles: DADMIN (Available Profiles: DADMIN)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Dell) D:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    () C:\ProgramData\TVersity\Media Server\MediaServer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (The Chromium Authors) C:\ProgramData\TVersity\Media Server\berkelium.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Dell) D:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Users\DADMIN\Downloads\RogueKiller.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SonicWALLNetExtender] => D:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1285632 2013-03-05] (Dell)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2670592 2015-06-01] (Sony Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3627395371-3048719877-2987423329-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3627395371-3048719877-2987423329-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\S-1-5-21-3627395371-3048719877-2987423329-1000\...\MountPoints2: {e2d6bc8a-15cd-11e4-8986-806e6f6e6963} - G:\.\Bin\ASSETUP.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.110.1
    Tcpip\..\Interfaces\{53323C16-F6CF-4E80-AFD9-B0B548707B54}: [DhcpNameServer] 192.168.110.1
    Tcpip\..\Interfaces\{D52937BF-0FA7-40CE-BD7B-1FFDAC1DDEB1}: [DhcpNameServer] 172.20.10.1

    Internet Explorer:
    ==================
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)

    FireFox:
    ========
    FF ProfilePath: C:\Users\DADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\r7srbn1e.default-1456775264902
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3627395371-3048719877-2987423329-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DADMIN\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-01] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxps://www.google.ca/","hxxps://www.dayforcehcm.com/webclock/","hxxps://www.dayforcehcm.com/mydayforce/login.aspx","hxxp://www.google.com/","hxxps://www.henryschein.ca/ca-en/Dental/","hxxp://www.dentalcorp.ca/_intranet/","hxxp://www.netfirms.com/mail","hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
    CHR Profile: C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-02]
    CHR Extension: (Google Docs) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-02]
    CHR Extension: (Google Drive) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
    CHR Extension: (YouTube) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
    CHR Extension: (Google Search) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Google Sheets) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-02]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-23]
    CHR Extension: (Google Docs Offline) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (AdBlock) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
    CHR Extension: (Boomerang for Gmail) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-12-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
    CHR Extension: (Gmail) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-02]
    CHR Profile: C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
    CHR Extension: (Google Docs) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-28]
    CHR Extension: (Google Drive) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
    CHR Extension: (YouTube) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
    CHR Extension: (Google Search) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
    CHR Extension: (Google Sheets) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-18]
    CHR Extension: (Google Docs Offline) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23]
    CHR Extension: (Gmail) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-28]
    CHR Profile: C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Slides) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-16]
    CHR Extension: (Google Docs) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-16]
    CHR Extension: (Google Drive) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
    CHR Extension: (YouTube) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
    CHR Extension: (Google Search) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
    CHR Extension: (Google Sheets) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-16]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-16]
    CHR Extension: (Google Docs Offline) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-16]
    CHR Extension: (Gmail) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-16]
    CHR Profile: C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3
    CHR Extension: (Google Slides) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-02]
    CHR Extension: (Google Docs) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-02]
    CHR Extension: (Google Drive) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
    CHR Extension: (YouTube) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
    CHR Extension: (Google Search) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
    CHR Extension: (Google Sheets) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-02]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-12-02]
    CHR Extension: (Google Docs Offline) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-02]
    CHR Extension: (Gmail) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
    CHR Profile: C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4
    CHR Extension: (Google Slides) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-08]
    CHR Extension: (Google Docs) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-08]
    CHR Extension: (Google Drive) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-08]
    CHR Extension: (YouTube) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-08]
    CHR Extension: (Google Search) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
    CHR Extension: (Google Sheets) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-08]
    CHR Extension: (Google Docs Offline) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-08]
    CHR Extension: (Gmail) - C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-06-01] (Sony Corporation)
    R2 SONICWALL_NetExtender; D:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [581632 2013-03-05] (Dell)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
    R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [4237312 2012-11-02] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2013-03-05] (SonicWALL Inc.)
    R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
    R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
    R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
    R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-08-08] (Duplex Secure Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-29] ()
    U3 aba01l9f; C:\Windows\System32\Drivers\aba01l9f.sys [0 ] (Marvell Semiconductor, Inc.) <==== ATTENTION (zero byte File/Folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  3. David Armstrong

    David Armstrong TS Rookie Topic Starter

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-29 15:16 - 2016-02-29 15:16 - 02371072 _____ (Farbar) C:\Users\DADMIN\Downloads\FRST64.exe
    2016-02-29 15:16 - 2016-02-29 15:16 - 00020826 _____ C:\Users\DADMIN\Downloads\FRST.txt
    2016-02-29 15:16 - 2016-02-29 15:16 - 00000000 ____D C:\FRST
    2016-02-29 15:06 - 2016-02-29 15:06 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-02-29 15:05 - 2016-02-29 15:05 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-02-29 15:04 - 2016-02-29 15:04 - 20956744 _____ C:\Users\DADMIN\Downloads\RogueKiller.exe
    2016-02-29 14:47 - 2016-02-29 14:47 - 00000000 ____D C:\Users\DADMIN\Desktop\Old Firefox Data
    2016-02-29 14:11 - 2016-02-29 14:11 - 00000000 ___RD C:\Users\DADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-02-29 13:54 - 2016-02-29 13:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-02-29 13:53 - 2016-02-29 13:53 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-29 13:53 - 2016-02-29 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-29 13:53 - 2016-02-29 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-02-29 13:53 - 2016-02-29 13:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-02-29 13:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-02-29 13:53 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-02-29 13:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-02-25 15:12 - 2016-02-25 15:12 - 00019941 _____ C:\Users\DADMIN\Desktop\RingCentralFeb16Greenbank.pdf
    2016-02-15 16:23 - 2016-02-16 00:18 - 00000000 ____D C:\Users\DADMIN\AppData\Roaming\TeamViewer
    2016-02-15 11:11 - 2016-02-15 11:11 - 00000000 ____D C:\Users\DADMIN\AppData\Local\TeamViewer
    2016-02-15 11:10 - 2016-02-24 12:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-02-15 11:10 - 2016-02-23 07:39 - 00000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    2016-02-15 11:10 - 2016-02-23 07:39 - 00000963 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
    2016-02-12 21:01 - 2016-02-24 03:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-09 15:19 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-02-09 15:19 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-02-09 15:19 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-02-09 15:19 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-02-09 15:19 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-02-09 15:19 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-02-09 15:19 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-02-09 15:19 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-02-09 15:19 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-02-09 15:19 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-02-09 15:19 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-02-09 15:19 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-02-09 15:19 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-02-09 15:19 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-02-09 15:19 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-02-09 15:19 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-02-09 15:19 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-02-09 15:19 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-02-09 15:19 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-02-09 15:19 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-02-09 15:19 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-02-09 15:19 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-02-09 15:19 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-02-09 15:19 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-02-09 15:19 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-02-09 15:19 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-02-09 15:19 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-02-09 15:19 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-02-09 15:19 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-02-09 15:19 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-02-09 15:19 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-02-09 15:19 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-02-09 15:19 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-02-09 15:19 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-02-09 15:19 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-02-09 15:19 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-02-09 15:19 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-02-09 15:19 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-02-09 15:19 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-02-09 15:19 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-02-09 15:19 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-02-09 15:19 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-02-09 15:19 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-02-09 15:19 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-02-09 15:19 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-02-09 15:19 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-02-09 15:19 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-02-09 15:19 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-02-09 15:19 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-02-09 15:19 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-02-09 15:19 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-02-09 15:19 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-02-09 15:19 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-02-09 15:19 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-02-09 15:19 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-02-09 15:19 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-02-09 15:19 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-02-09 15:19 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-02-09 15:19 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-02-09 15:19 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-02-09 15:19 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-02-09 15:19 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-02-09 15:19 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-02-09 15:19 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-02-09 15:19 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-02-09 15:19 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-02-09 15:19 - 2016-01-16 14:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-02-09 15:19 - 2016-01-16 13:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-02-09 15:19 - 2016-01-11 14:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-02-09 15:19 - 2016-01-11 14:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-02-09 15:19 - 2016-01-11 14:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-02-09 15:19 - 2016-01-11 13:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2016-02-09 15:19 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-02-09 15:19 - 2016-01-11 13:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-02-09 15:19 - 2016-01-11 13:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-02-09 15:19 - 2016-01-11 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-02-09 15:19 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-02-09 15:19 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-02-09 15:19 - 2016-01-11 13:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-02-09 15:19 - 2016-01-11 13:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2016-02-09 15:19 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-02-09 15:19 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-02-09 15:19 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-02-09 15:19 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-02-09 15:19 - 2016-01-11 09:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-02-09 15:19 - 2016-01-11 09:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-02-09 15:19 - 2016-01-11 09:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-02-09 15:19 - 2016-01-11 09:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-02-09 15:19 - 2016-01-11 09:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-02-09 15:19 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-02-09 15:19 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-02-09 15:19 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-02-09 15:19 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2016-02-09 15:19 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2016-02-09 15:19 - 2015-12-20 13:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2016-02-09 15:19 - 2015-12-20 13:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2016-02-09 15:19 - 2015-12-20 09:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2016-02-09 15:18 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-02-09 15:18 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-02-09 15:18 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-02-09 15:18 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-02-09 15:18 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-02-09 15:18 - 2016-01-22 01:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-02-09 15:18 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-02-09 15:18 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-02-09 15:18 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-02-09 15:18 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-02-09 15:18 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-02-09 15:18 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-02-09 15:18 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-02-09 15:18 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-02-09 15:18 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-02-09 15:18 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-02-09 15:18 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-02-09 15:18 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-02-09 15:18 - 2016-01-22 01:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-02-09 15:18 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-02-09 15:18 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-02-09 15:18 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-02-09 15:18 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-02-09 15:18 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-02-09 15:18 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-02-09 15:18 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-02-09 15:18 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-02-09 15:18 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-02-09 15:18 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-02-09 15:18 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-02-09 15:18 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-02-09 15:18 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2016-02-09 15:18 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-02-09 15:18 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-02-09 15:18 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-22 00:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-02-09 15:18 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-02-09 15:18 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-02-09 15:18 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-02-09 15:18 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-02-09 15:18 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-02-09 15:18 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-02-09 15:18 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-02-09 15:18 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-02-09 15:18 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-02-09 15:18 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-02-09 15:18 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-02-09 15:18 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-02-09 15:18 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-02-09 15:18 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-02-09 15:18 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-02-09 15:18 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-02-09 15:18 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-02-09 15:18 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-29 14:26 - 2015-06-02 11:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-29 14:24 - 2014-11-11 23:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-02-29 14:16 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-02-29 14:16 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-02-29 14:11 - 2015-06-02 11:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-29 14:05 - 2009-07-14 00:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-02-29 14:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-02-29 14:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-29 14:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
    2016-02-29 13:52 - 2014-08-13 23:10 - 00000000 ____D C:\Users\DADMIN\AppData\Roaming\vlc
    2016-02-29 13:44 - 2015-12-01 12:35 - 00000000 ____D C:\Users\DADMIN\AppData\Local\Citrix
    2016-02-29 13:44 - 2014-07-27 17:19 - 00000000 ____D C:\Windows\system32\appmgmt
    2016-02-29 02:00 - 2014-07-27 16:35 - 00000000 ____D C:\Users\DADMIN\AppData\Local\Adobe
    2016-02-26 03:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-02-26 03:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
    2016-02-25 15:12 - 2015-04-08 09:19 - 00000000 ____D C:\Users\DADMIN\AppData\Local\CutePDF Writer
    2016-02-24 03:16 - 2014-07-27 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-24 03:16 - 2009-07-13 23:45 - 04888752 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-02-24 03:15 - 2014-08-19 22:13 - 00000000 ____D C:\Users\DADMIN\AppData\Roaming\SoftGrid Client
    2016-02-24 03:00 - 2014-10-15 07:55 - 00002155 _____ C:\Windows\epplauncher.mif
    2016-02-24 03:00 - 2014-10-15 07:55 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-02-24 03:00 - 2014-10-15 07:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-02-24 03:00 - 2014-10-15 07:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2016-02-23 06:14 - 2015-07-29 23:36 - 00000000 ____D C:\Users\DADMIN\AppData\Local\CrashDumps
    2016-02-19 17:27 - 2015-06-02 11:54 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-19 17:27 - 2015-06-02 11:54 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-18 11:23 - 2014-07-27 16:48 - 00058016 _____ C:\Users\DADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-02-10 04:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2016-02-10 03:31 - 2014-12-11 03:17 - 00000000 ____D C:\Windows\system32\appraiser
    2016-02-10 03:31 - 2014-07-27 17:23 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-02-10 03:31 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-10 03:15 - 2014-07-27 16:35 - 00000000 ____D C:\Windows\system32\MRT
    2016-02-10 03:11 - 2014-07-27 16:35 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-02-10 03:04 - 2014-07-27 16:58 - 00766610 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-02-10 01:24 - 2014-11-11 23:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-02-10 01:24 - 2014-08-08 00:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-02-10 01:24 - 2014-08-08 00:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 20:21 - 2015-06-02 11:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-02 20:21 - 2015-06-02 11:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\DADMIN\AppData\Local\setup.txt

    Some files in TEMP:
    ====================
    C:\Users\DADMIN\AppData\Local\Temp\bitool.dll
    C:\Users\DADMIN\AppData\Local\Temp\converter.exe
    C:\Users\DADMIN\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\DADMIN\AppData\Local\Temp\vlc-2.2.1-win32.exe
    C:\Users\DADMIN\AppData\Local\Temp\_is5550.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-28 00:32

    ==================== End of FRST.txt ============================
     
  4. David Armstrong

    David Armstrong TS Rookie Topic Starter

    Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
    Ran by DADMIN (2016-02-29 15:16:37)
    Running from C:\Users\DADMIN\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2014-07-27 20:43:41)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3627395371-3048719877-2987423329-500 - Administrator - Disabled)
    DADMIN (S-1-5-21-3627395371-3048719877-2987423329-1000 - Administrator - Enabled) => C:\Users\DADMIN
    Guest (S-1-5-21-3627395371-3048719877-2987423329-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-3627395371-3048719877-2987423329-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3627395371-3048719877-2987423329-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
    Dell SonicWALL NetExtender (HKLM-x32\...\{EF06A6A8-6B81-4A09-8223-789953972FFF}) (Version: 7.0.196 - Dell)
    ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
    Free FLAC to MP3 Converter 1.2 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: 1.2 - PolySoft Solutions)
    Free Video Cutter Joiner 10.4 (HKLM-x32\...\{8C5A4758-C782-4200-B337-DB3466D33ADD}}_is1) (Version: 10.4 - DVDVideoMedia, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    LogMeIn Client (HKLM-x32\...\{9E01C3E5-F23A-4232-AFC7-FCF2D04D73EC}) (Version: 1.3.615 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
    MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
    MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7130.5000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 4.3.01.06011 - Sony Corporation)
    PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
    PMB_ServiceUploader (x32 Version: 9.3.01 - Sony Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
    StudioTax 2014 (HKLM-x32\...\{7ECEB694-CC1D-4ECA-A175-A6119ECE0944}) (Version: 10.0.2.0 - BHOK IT Consulting)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
    TVersity Codec Pack 1.4 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.4 - TVersity Inc.)
    TVersity Media Server 1.9.3 (HKLM-x32\...\TVersity Media Server) (Version: 1.9.3 - TVersity)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {009025F2-0B9D-47A1-8377-9B8D177F8751} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {3814E5D2-B904-45C9-92B1-40EA81268C5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {3F8B5140-E4D6-4351-B64B-5106D702BF7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
    Task: {9520BD1D-732C-4B0E-AE70-D415EEDF678C} - System32\Tasks\AdobeAAMUpdater-1.0-Beastly-DADMIN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {A6E51AFF-BFC6-41B3-8940-9BD3583CC1F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-08 09:12 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2010-11-24 15:33 - 2012-11-02 18:06 - 04237312 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe
    2014-07-27 16:25 - 2011-05-23 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-02-29 15:04 - 2016-02-29 15:04 - 20956744 _____ () C:\Users\DADMIN\Downloads\RogueKiller.exe
    2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-08 23:30 - 2012-11-02 18:05 - 00100352 _____ () C:\ProgramData\TVersity\Media Server\EasyHook32.dll
    2014-08-08 23:30 - 2012-11-02 18:05 - 00079872 _____ () C:\ProgramData\TVersity\Media Server\portaudio_x86.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00346112 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00731136 _____ () C:\ProgramData\TVersity\Media Server\X11.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00165888 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00329728 _____ () C:\ProgramData\TVersity\Media Server\libcurl.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00714752 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 04532240 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
    2010-11-24 15:36 - 2012-11-02 18:05 - 00081936 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00311808 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00793616 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
    2010-11-24 15:36 - 2012-11-02 18:05 - 00201232 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
    2010-11-24 15:36 - 2012-11-02 18:06 - 00507888 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
    2006-09-16 00:03 - 2012-11-02 18:06 - 00007680 _____ () C:\ProgramData\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_GRAY_.dll
    2016-02-10 03:41 - 2016-02-10 03:41 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\689ff5005671c420fe1ea3d7d2454667\IsdiInterop.ni.dll
    2014-07-27 16:29 - 2011-05-20 09:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3627395371-3048719877-2987423329-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.110.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{CFE36E4E-73DE-4818-B922-1D76017C9108}] => (Allow) C:\Users\DADMIN\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{FECF163C-9354-4140-A712-3C73AA252E79}] => (Allow) C:\Users\DADMIN\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{FC712E2F-23D0-46E5-8924-E5438B3CEE7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2B2E3776-0725-404B-8593-84990CB63EE0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{28BA2D85-4115-45DA-ADCF-299C8DD929FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EB2C267D-F8D5-4535-AD1C-F88C3199CF63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B1CD6097-3B0A-4167-977E-7587B9EF58E7}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
    FirewallRules: [{41BFA955-9533-425E-B80F-7BCB02680E5F}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
    FirewallRules: [{D4E5B098-C50F-4365-B580-83275A8F8379}] => (Allow) D:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{BBF87688-E920-4ED0-81EA-802019D08965}C:\users\dadmin\appdata\local\temp\lmi6f27.tmp\logmein client.exe] => (Allow) C:\users\dadmin\appdata\local\temp\lmi6f27.tmp\logmein client.exe
    FirewallRules: [UDP Query User{A86794E2-6F47-4213-976C-B34D3D888772}C:\users\dadmin\appdata\local\temp\lmi6f27.tmp\logmein client.exe] => (Allow) C:\users\dadmin\appdata\local\temp\lmi6f27.tmp\logmein client.exe
    FirewallRules: [TCP Query User{7171F566-7E21-4157-A7E2-3EA62333E01B}C:\users\dadmin\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\dadmin\appdata\local\logmein client\logmein client.exe
    FirewallRules: [UDP Query User{7954DF23-FB4C-4B90-8C14-56D394C90FB0}C:\users\dadmin\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\dadmin\appdata\local\logmein client\logmein client.exe
    FirewallRules: [{0696A781-A821-4B26-A0D9-4F24D7594106}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5DCC8635-E60B-495F-99F9-6EDBCA74A0AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CF79165E-9B90-48D5-A2A2-13E1FDDD5804}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
    FirewallRules: [{2A3FF434-B9E1-4F51-AB75-2C9BB747A3B9}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
    FirewallRules: [TCP Query User{D5DC8CB6-9762-4FEA-AEBC-F3698A320BFE}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
    FirewallRules: [UDP Query User{8CE7BB61-C146-4D6C-8F93-AC6BFB7BC196}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
    FirewallRules: [TCP Query User{E01A3EA1-05F8-4FFB-B907-1F23340F02F9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{73228900-ED58-4862-BF61-03DDD8AD85F9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{F492966E-C2D3-499B-9472-1BDC660D5CE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1C54A916-9311-453B-8EE2-16D13777BF74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{ADD77A77-F4BA-4DFE-B28E-CF2431FB1F91}C:\users\dadmin\appdata\local\temp\g2_1704\g2viewer.exe] => (Allow) C:\users\dadmin\appdata\local\temp\g2_1704\g2viewer.exe
    FirewallRules: [UDP Query User{2462AC2C-E9D0-499F-A6D4-FB15D64DEC11}C:\users\dadmin\appdata\local\temp\g2_1704\g2viewer.exe] => (Allow) C:\users\dadmin\appdata\local\temp\g2_1704\g2viewer.exe
    FirewallRules: [{61847205-38A4-45E0-9811-A7DFEDD08D5B}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
    FirewallRules: [{76516E18-FF7A-4F87-9C34-4D044BF32AF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{1B0F748A-D329-42A7-A6CF-652B3767D7A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{292BD50F-B17D-4A6F-BB8A-CC70FE0CFA3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5133605C-4614-4EE1-BA6D-F2CCA8D7DB3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{2FFA7445-B011-459B-A5AF-714F398AA0A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Restore Points =========================

    18-02-2016 03:43:54 Windows Update
    22-02-2016 03:43:32 Windows Update
    24-02-2016 03:00:10 Windows Update
    26-02-2016 03:00:10 Windows Update
    29-02-2016 08:32:34 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/29/2016 02:02:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/29/2016 01:26:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/29/2016 12:23:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/29/2016 12:14:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iTunes.exe version 11.4.0.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 14c4

    Start Time: 01d16f219bc44bf6

    Termination Time: 22

    Application Path: D:\Program Files (x86)\iTunes\iTunes.exe

    Report Id:

    Error: (02/29/2016 06:51:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (02/28/2016 07:00:12 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location L:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (02/28/2016 11:24:01 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (02/27/2016 04:38:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (02/26/2016 09:17:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (02/26/2016 11:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Mah\032Music._home-sharing._tcp.local.; delaying announcement by 2 seconds


    System errors:
    =============
    Error: (02/29/2016 03:06:10 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (02/29/2016 02:00:15 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (02/29/2016 01:51:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/29/2016 01:51:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (02/29/2016 01:51:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/29/2016 01:51:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/29/2016 01:51:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/29/2016 01:50:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SonicWALL NetExtender Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/29/2016 01:50:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/29/2016 01:50:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The TeamViewer 11 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-09-21 16:54:45.362
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-21 16:46:06.075
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-21 16:21:06.569
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-21 14:56:50.603
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-21 14:46:27.206
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-21 14:32:25.614
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-21 14:22:48.413
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-04 13:47:16.316
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-03 14:44:34.033
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-03 13:34:05.206
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
    Percentage of memory in use: 22%
    Total physical RAM: 16089.14 MB
    Available physical RAM: 12485.77 MB
    Total Virtual: 32176.49 MB
    Available Virtual: 29504.79 MB

    ==================== Drives ================================

    Drive c: (Boot) (Fixed) (Total:180 GB) (Free:94.84 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:298.09 GB) (Free:256.61 GB) NTFS
    Drive e: (Programs) (Fixed) (Total:58.47 GB) (Free:49.98 GB) NTFS
    Drive h: (Pics and Music) (Fixed) (Total:464.99 GB) (Free:179.58 GB) NTFS
    Drive j: (Videos and Backup) (Fixed) (Total:1863.01 GB) (Free:545.98 GB) NTFS
    Drive k: (My Passport) (Fixed) (Total:1862.98 GB) (Free:248.8 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A49FA9E2)
    Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: A2ED32E8)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: EE109927)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. David Armstrong

    David Armstrong TS Rookie Topic Starter

    From combofix, because I'm doing it out of order. I will download and run all the others right now.

    ComboFix 16-02-29.01 - DADMIN 29/02/2016 15:44:41.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16089.13390 [GMT -5:00]
    Running from: c:\users\DADMIN\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-01-28 to 2016-02-29 )))))))))))))))))))))))))))))))
    .
    .
    2016-02-29 20:47 . 2016-02-29 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-02-29 20:16 . 2016-02-29 20:18 -------- d-----w- C:\FRST
    2016-02-29 20:06 . 2016-02-29 20:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-02-29 20:05 . 2016-02-29 20:22 -------- d-----w- c:\programdata\RogueKiller
    2016-02-29 18:54 . 2016-02-29 18:54 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-02-29 18:53 . 2016-02-29 18:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-02-29 18:53 . 2016-02-29 18:53 -------- d-----w- c:\programdata\Malwarebytes
    2016-02-29 18:53 . 2015-10-05 14:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-02-29 18:53 . 2015-10-05 14:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-02-29 18:53 . 2015-10-05 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-02-29 13:32 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E8F3A4E-F317-436C-9AA1-11967C62EF0D}\mpengine.dll
    2016-02-28 06:38 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2016-02-15 21:23 . 2016-02-16 05:18 -------- d-----w- c:\users\DADMIN\AppData\Roaming\TeamViewer
    2016-02-15 16:11 . 2016-02-15 16:11 -------- d-----w- c:\users\DADMIN\AppData\Local\TeamViewer
    2016-02-15 16:10 . 2016-02-24 17:22 -------- d-----w- c:\program files (x86)\TeamViewer
    2016-02-09 20:18 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
    2016-02-08 04:16 . 2015-07-01 08:09 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{218241E0-7674-4CF6-8882-0504DFA58982}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-02-10 08:11 . 2014-07-27 21:35 146614896 ----a-w- c:\windows\system32\MRT.exe
    2016-02-10 06:24 . 2014-08-08 05:18 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-02-10 06:24 . 2014-08-08 05:18 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-01-22 05:59 . 2016-02-09 20:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
    2015-12-08 21:54 . 2016-01-13 07:34 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
    2015-12-08 21:54 . 2016-01-13 07:34 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
    2015-12-08 21:54 . 2016-01-13 07:34 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
    2015-12-08 21:54 . 2016-01-13 07:34 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 509952 ----a-w- c:\windows\SysWow64\qedit.dll
    2015-12-08 21:53 . 2016-01-13 07:34 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
    2015-12-08 21:53 . 2016-01-13 07:34 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2015-12-08 21:53 . 2016-01-13 07:34 206848 ----a-w- c:\windows\SysWow64\qasf.dll
    2015-12-08 21:53 . 2016-01-13 07:34 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
    2015-12-08 21:53 . 2016-01-13 07:34 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2015-12-08 21:53 . 2016-01-13 07:34 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
    2015-12-08 21:53 . 2016-01-13 07:34 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
    2015-12-08 21:53 . 2016-01-13 07:34 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
    2015-12-08 21:53 . 2016-01-13 07:34 103424 ----a-w- c:\windows\SysWow64\mfps.dll
    2015-12-08 21:53 . 2016-01-13 07:34 489984 ----a-w- c:\windows\SysWow64\evr.dll
    2015-12-08 21:53 . 2016-01-13 07:34 67584 ----a-w- c:\windows\SysWow64\devenum.dll
    2015-12-08 21:53 . 2016-01-13 07:34 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
    2015-12-08 21:53 . 2016-01-13 07:34 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
    2015-12-08 21:53 . 2016-01-13 07:34 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
    2015-12-08 21:53 . 2016-01-13 07:34 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
    2015-12-08 21:52 . 2016-01-13 07:32 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
    2015-12-08 21:50 . 2016-01-13 07:34 2048 ----a-w- c:\windows\SysWow64\mferror.dll
    2015-12-08 19:07 . 2016-01-13 07:34 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 1026048 ----a-w- c:\windows\system32\wmpmde.dll
    2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
    2015-12-08 19:07 . 2016-01-13 07:34 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2015-12-08 19:07 . 2016-01-13 07:34 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 378880 ----a-w- c:\windows\system32\SysFxUI.dll
    2015-12-08 19:07 . 2016-01-13 07:34 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 624640 ----a-w- c:\windows\system32\qedit.dll
    2015-12-08 19:07 . 2016-01-13 07:34 1573888 ----a-w- c:\windows\system32\quartz.dll
    2015-12-08 19:07 . 2016-01-13 07:34 371712 ----a-w- c:\windows\system32\qdvd.dll
    2015-12-08 19:07 . 2016-01-13 07:34 254464 ----a-w- c:\windows\system32\qasf.dll
    2015-12-08 19:07 . 2016-01-13 07:34 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
    2015-12-08 19:07 . 2016-01-13 07:34 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 4121600 ----a-w- c:\windows\system32\mf.dll
    2015-12-08 19:07 . 2016-01-13 07:34 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 432128 ----a-w- c:\windows\system32\mfplat.dll
    2015-12-08 19:07 . 2016-01-13 07:34 1010688 ----a-w- c:\windows\system32\mcmde.dll
    2015-12-08 19:07 . 2016-01-13 07:34 70144 ----a-w- c:\windows\system32\mfvdsp.dll
    2015-12-08 19:07 . 2016-01-13 07:34 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 206848 ----a-w- c:\windows\system32\mfps.dll
    2015-12-08 19:07 . 2016-01-13 07:34 5120 ----a-w- c:\windows\system32\ksuser.dll
    2015-12-08 19:07 . 2016-01-13 07:34 632320 ----a-w- c:\windows\system32\evr.dll
    2015-12-08 19:07 . 2016-01-13 07:32 405504 ----a-w- c:\windows\system32\gdi32.dll
    2015-12-08 19:07 . 2016-01-13 07:34 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
    2015-12-08 19:07 . 2016-01-13 07:34 76288 ----a-w- c:\windows\system32\devenum.dll
    2015-12-08 19:07 . 2016-01-13 07:34 55808 ----a-w- c:\windows\system32\rrinstaller.exe
    2015-12-08 19:06 . 2016-01-13 07:34 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2015-12-08 19:06 . 2016-01-13 07:34 250880 ----a-w- c:\windows\system32\ksproxy.ax
    2015-12-08 19:04 . 2016-01-13 07:34 2048 ----a-w- c:\windows\system32\mferror.dll
    2015-12-08 18:54 . 2016-01-13 07:34 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
    2015-12-08 18:12 . 2016-01-13 07:34 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2015-12-08 18:11 . 2016-01-13 07:34 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2015-06-01 2670592]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-14 1085656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-02-19 22:26 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-02-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-08 06:24]
    .
    2016-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02 16:53]
    .
    2016-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02 16:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "SonicWALLNetExtender"="d:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2013-03-05 1285632]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.110.1
    FF - ProfilePath - c:\users\DADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\r7srbn1e.default-1456775264902\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-02-29 15:49:10
    ComboFix-quarantined-files.txt 2016-02-29 20:49
    .
    Pre-Run: 101,404,106,752 bytes free
    Post-Run: 104,148,262,912 bytes free
    .
    - - End Of File - - 2E67E5CF5EF8D211094020EC8EDBEEE3
     
  7. David Armstrong

    David Armstrong TS Rookie Topic Starter

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 29/02/2016
    Scan Time: 1:54 PM
    Logfile: Malwarebytesfeb26.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.29.04
    Rootkit Database: v2016.02.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: DADMIN

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 370645
    Time Elapsed: 5 min, 16 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Somoto, C:\Users\DADMIN\AppData\Local\Temp\nshA92D.tmp, Quarantined, [c4b4a2c47128be7814a7c00f3ac6c53b],
    PUP.Optional.RelevantKnowledge, C:\Users\DADMIN\AppData\Local\Temp\CSM2795.tmp, Quarantined, [ee8a60061386c571b05dcd3a9471ed13],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. David Armstrong

    David Armstrong TS Rookie Topic Starter

    It is now showing up as "Host Process" in volume mixer... ADWcleaner and Junk Remover next.

    Thanks for the help.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Go on...
     
  10. David Armstrong

    David Armstrong TS Rookie Topic Starter

    # AdwCleaner v5.037 - Logfile created 29/02/2016 at 16:06:27
    # Updated 28/02/2016 by Xplode
    # Database : 2016-02-28.2 [Local]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : DADMIN - BEASTLY
    # Running from : C:\Users\DADMIN\Downloads\adwcleaner_5.037.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}

    ***** [ Web browsers ] *****

    [-] [C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
    [-] [C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.sweetim.com
    [-] [C:\Users\DADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1528 bytes] - [29/02/2016 16:06:27]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1543 bytes] - [29/02/2016 16:03:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1674 bytes] ##########
     
  11. David Armstrong

    David Armstrong TS Rookie Topic Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 7 Professional x64
    Ran by DADMIN (Administrator) on 02/03/2016 at 11:30:20.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 16

    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UBAINE0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KRGHJM7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYYNGB2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\DADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2XPL0SI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UBAINE0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KRGHJM7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYYNGB2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2XPL0SI (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/03/2016 at 11:31:39.28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. David Armstrong

    David Armstrong TS Rookie Topic Starter

    Everything seems to be running well at this point, didn't catch anything in particular still lingering from the scans.

    Any further steps you'd recommend? If not, thanks for the help.
     
  13. David Armstrong

    David Armstrong TS Rookie Topic Starter

    I take it back... after running Junkware I appear to have lost sound again. Let me see if I can find out why.

    Fixed. Uninstalled usb audio device and rebooted/reinstalled. Problem solved. Thanks again.
     
    Last edited: Mar 2, 2016
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Cool :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Still with me?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...