Solved PC infected

ronaldo9_r9

Posts: 29   +0
My PC seems infected by some virus. Malwarebytes stopped opening on startup so I uninstalled it. when I install malwarebytes it gave me runtime error and it wont let me install even with MB clean tool.

I managed to make it work by using windows 8 files to windows 7 malwarebytes folder. I have scanned the pc with malwarebytes and superantimalware which showed few infected item

I also had Advanced System care I could no longer open that it said (Access denied).

I am using Windows 7 ultimate edition.

Advanced system care stopped working and comodo started giving me security agent could not be started errors.

I have managed to fix advanced systemcare by taking full owenership of the program folder even though I am admin.

my worry is my pc still might be infected.

any help would be appreciated.
 
Last edited:
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Uninstall Advanced System Care.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

 
Thanks for doing this Borni. Below are my results.

Here are Malwarebytes results.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/10/2014
Scan Time: 20:08:10
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.09
Rootkit Database: v2014.10.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Asim Hussain

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311337
Time Elapsed: 6 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 11.20.2
Run by Asim Hussain at 11:39:42 on 2014-10-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16300.13344 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\DAODx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E0B00E84-0BAB-4350-8916-E0B0841B1B5D} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-28 224896]
R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2014-10-9 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-10-9 126752]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-10-9 1328928]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-10-9 248096]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-28 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-28 427360]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 48360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-28 283064]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-10-9 3992568]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-28 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-28 79184]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-9 50344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-8 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-8 860472]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-8-20 6847712]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-8 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-8 122584]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-7-3 121416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-20 901848]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-28 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-1 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-7-6 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-7-6 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-8 63704]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-14 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-6-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-14 29696]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 wampapache64;wampapache64;C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [2014-6-28 24576]
S3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 --> c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-14 1255736]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe --> C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-10 10:37:15 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{302F20D5-BFDD-4A53-A22D-E3316E88D6D3}\offreg.dll
2014-10-09 20:13:23 296736 ----a-w- C:\Windows\System32\drivers\file_tracker.sys
2014-10-09 20:13:17 248096 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
2014-10-09 20:13:16 1328928 ----a-w- C:\Windows\System32\drivers\tib.sys
2014-10-09 20:13:14 319776 ----a-w- C:\Windows\System32\drivers\snapman.sys
2014-10-09 20:13:14 126752 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2014-10-08 21:37:17 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-08 21:32:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-08 21:32:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-08 21:32:26 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-08 21:32:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-08 18:32:23 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{302F20D5-BFDD-4A53-A22D-E3316E88D6D3}\mpengine.dll
2014-10-07 23:29:17 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\Stardock
2014-10-06 21:10:06 -------- d-----w- C:\Users\Asim Hussain\AppData\Roaming\Steam
2014-10-04 20:36:13 -------- d-----w- C:\Users\Asim Hussain\VIDEO_TS
2014-10-04 20:36:13 -------- d-----w- C:\Users\Asim Hussain\AUDIO_TS
2014-10-04 20:34:55 -------- d-----w- C:\Program Files (x86)\WinAVI Video Converter
2014-10-04 19:56:03 -------- d-----w- C:\Users\Asim Hussain\AppData\Roaming\AMD
2014-10-04 19:24:52 -------- d-----w- C:\Program Files (x86)\FreeTime
2014-10-04 18:45:13 -------- d-----w- C:\Program Files (x86)\MagicISO
2014-10-04 18:43:25 -------- d-----w- C:\Program Files (x86)\MKVtoolnix
2014-10-04 18:39:53 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\www.doom9.net
2014-10-04 18:38:51 -------- d-----w- C:\Program Files (x86)\megui
2014-10-04 18:19:15 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2014-10-04 18:18:30 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2014-10-04 17:39:32 -------- d-----w- C:\Users\Asim Hussain\AppData\Roaming\WinAVI
2014-10-04 17:39:32 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\WinAVI
2014-10-04 17:39:22 -------- d-----w- C:\Program Files (x86)\WinAVI
2014-10-04 09:41:02 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-10-01 18:48:18 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-01 18:48:18 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 20:50:25 -------- d-----w- C:\Program Files (x86)\SDA
2014-09-24 21:18:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 21:18:13 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-20 19:02:42 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\Ahead
2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2014-09-15 22:31:48 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2014-09-15 22:31:46 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
2014-09-15 22:31:44 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2014-09-15 22:31:40 1113576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2014-09-15 22:31:30 9254184 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2014-09-15 22:31:22 7207592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2014-09-15 22:31:16 7028336 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2014-09-15 22:31:06 8044976 ----a-w- C:\Windows\System32\atiumd6a.dll
2014-09-15 22:31:02 8296296 ----a-w- C:\Windows\System32\atiumd64.dll
2014-09-15 22:29:04 293088 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
2014-09-15 22:26:58 16750080 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2014-09-15 22:18:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
2014-09-15 22:18:00 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2014-09-15 22:17:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2014-09-15 22:17:56 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2014-09-15 22:17:56 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2014-09-15 22:17:54 33867264 ----a-w- C:\Windows\System32\amdocl64.dll
2014-09-15 22:17:04 28770304 ----a-w- C:\Windows\SysWow64\amdocl.dll
2014-09-15 22:16:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
2014-09-15 22:16:18 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-09-15 22:13:24 27918336 ----a-w- C:\Windows\System32\atio6axx.dll
2014-09-15 22:09:38 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
2014-09-15 22:09:36 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
2014-09-15 22:09:10 127488 ----a-w- C:\Windows\System32\mantle64.dll
2014-09-15 22:09:04 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
2014-09-15 22:09:00 5639168 ----a-w- C:\Windows\System32\amdmantle64.dll
2014-09-15 22:08:08 23375360 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2014-09-15 22:07:48 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
2014-09-15 22:07:46 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2014-09-15 22:07:44 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2014-09-15 22:07:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2014-09-15 22:07:42 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2014-09-15 22:07:36 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2014-09-15 22:06:46 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2014-09-15 22:05:52 4480000 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
2014-09-15 22:03:28 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2014-09-15 22:03:26 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2014-09-15 22:03:24 619008 ----a-w- C:\Windows\System32\atieclxx.exe
2014-09-15 22:03:18 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2014-09-15 22:03:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
2014-09-15 22:03:08 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03:04 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2014-09-15 21:59:40 827392 ----a-w- C:\Windows\System32\coinst_14.30.dll
2014-09-15 21:59:20 1210880 ----a-w- C:\Windows\System32\atiadlxx.dll
2014-09-15 21:59:16 900608 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2014-09-15 21:59:14 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2014-09-15 21:59:12 146944 ----a-w- C:\Windows\System32\atig6txx.dll
2014-09-15 21:59:08 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2014-09-15 21:59:06 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2014-09-15 21:58:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2014-09-15 17:21:34 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2014-09-15 17:19:58 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2014-09-12 21:18:33 3231696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-10 19:54:24 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 19:54:24 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 19:52:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 19:52:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 19:51:55 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 19:51:55 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 19:51:55 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 19:51:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 19:51:54 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 19:51:38 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 19:51:38 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 19:50:32 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 19:50:31 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M ====================
.
2014-09-15 22:31:50 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
2014-09-15 22:31:42 1335544 ----a-w- C:\Windows\System32\aticfx64.dll
2014-09-15 22:31:34 10826488 ----a-w- C:\Windows\System32\atidxx64.dll
2014-09-15 08:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-12 18:52:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-12 18:52:18 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-24 12:37:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-19 23:10:45 901848 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-07-19 23:10:45 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-07-19 23:10:45 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-07-14 21:06:53 20521984 ----a-w- C:\Windows\System32\imageres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 11:40:23.55 ===============
 
Last edited:
Attach.txt resuts
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 28/06/2014 20:05:05
System Uptime: 10/10/2014 11:14:44 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | M5A97 LE R2.0
Processor: AMD FX(tm)-4100 Quad-Core Processor | Socket 942 | 4014/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 105.229 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 163.468 GiB free.
E: is FIXED (NTFS) - 81 GiB total, 38.342 GiB free.
F: is FIXED (NTFS) - 508 GiB total, 187.759 GiB free.
G: is FIXED (NTFS) - 342 GiB total, 123.711 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP72: 07/10/2014 18:37:19 - Windows Update
RP73: 07/10/2014 20:43:35 - avast! antivirus system restore point
RP74: 07/10/2014 20:44:22 - Restore Operation
RP75: 07/10/2014 20:53:01 - Windows Update
RP76: 07/10/2014 20:59:41 - Restore Operation
RP77: 07/10/2014 21:04:03 - avast! antivirus system restore point
RP78: 07/10/2014 22:17:22 - Restore Operation
RP79: 07/10/2014 22:22:14 - avast! antivirus system restore point
RP80: 07/10/2014 22:22:46 - Restore Operation
RP81: 07/10/2014 22:34:54 - avast! antivirus system restore point
RP82: 08/10/2014 01:11:21 - Windows Update
RP83: 08/10/2014 18:11:01 - Restore Operation
RP84: 08/10/2014 19:32:06 - Windows Update
RP85: 09/10/2014 20:18:08 - Windows Restore 09102014
RP86: 09/10/2014 20:44:06 - Installed Windows Resource Kit Tools - SubInAcl.exe
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Acronis True Image 2015
Adobe After Effects CC
Adobe Dreamweaver CC 2014
Adobe Flash Player 15 Plugin
Adobe Photoshop CC 2014
Adobe Reader XI (11.0.09)
Alien Isolation
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Wireless Display v3.0
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Bluetooth Suite
µTorrent
avast! Free Antivirus
AviSynth 2.5
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
COMODO Firewall
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
DreamStream E2
Dropbox
DVD Decrypter (Remove Only)
EaseUS Partition Master 10.0
FormatFactory 3.1.1
Google Chrome
Google Update Helper
IconPackager
Java 7 Update 67
Java 8 Update 20
Java Auto Updater
K-Lite Mega Codec Pack 10.5.5
Magic ISO Maker v5.5 (build 0265)
Malwarebytes Anti-Malware version 2.0.2.1012
MeGUI modern media encoder (remove only)
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Word MUI (English) 2013
mIRC
MKVtoolnix 2.8.0
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 32.0.3 (x86 en-GB)
Mozilla Maintenance Service
Mp3tag v2.60
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Notepad++
Outils de vérification linguistique 2013 de Microsoft Office - Français
Pro Evolution Soccer 2013
Pro Evolution Soccer 6
QuickPar 0.9
QuickTime 7
Raptr
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SDFormatter
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Skype™ 6.20
System Requirements Lab CYRI
TAP-Windows 9.9.2
TechPowerUp GPU-Z
TViXiE
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition
UseNeXT by Tangysoft
VCRedistSetup
Vegas Pro 13.0 (64-bit)
VLC media player
WampServer 2.5
Winamp
WinAVI Video Converter
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
09/10/2014 21:14:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Acronis Nonstop Backup Service service, but this action failed with the following error: An instance of the service is already running.
09/10/2014 21:13:53, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
08/10/2014 22:58:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service 7 service to connect.
08/10/2014 22:58:57, Error: Service Control Manager [7000] - The Advanced SystemCare Service 7 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
Thanks Borini. Here are logs

RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Asim Hussain [Administrator]
Mode : Delete -- Date : 10/11/2014 12:43:01

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 1js4aggt.default : user_pref("browser.startup.homepage", "www.google.co.uk"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EZRX-00D8PB0 ATA Device +++++
--- User ---
[MBR] 9e175bf1d6ef27da50250bf7ca0764cc
[BSP] c0d4d92c88998e83133ad6fa6165f8fd : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SSD PM800 2.5" 256GB ATA Device +++++
--- User ---
[MBR] dfe1ceec9854315827a3540162b50482
[BSP] c8b83d8f20dbb29025d134fb0b7ba099 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 208848 | Size: 244089 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: MD10000-NSDW-RO ATA Device +++++
--- User ---
[MBR] ae105479c7b1455e0935f8d0d7b5a121
[BSP] 6066bd784c75cd8956778c56aea355e3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 83315 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 170631168 | Size: 520521 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1236658176 | Size: 350032 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10112014_123823.log - RKreport_DEL_10112014_123826.log - RKreport_DEL_10112014_123828.log - RKreport_DEL_10112014_123829.log
RKreport_DEL_10112014_123831.log - RKreport_DEL_10112014_123855.log - RKreport_DEL_10112014_123900.log - RKreport_DEL_10112014_123903.log
RKreport_DEL_10112014_123908.log - RKreport_DEL_10112014_123911.log - RKreport_DEL_10112014_123914.log - RKreport_DEL_10112014_123922.log
RKreport_SCN_10112014_123812.log - RKreport_SCN_10112014_124255.log

MBAR-Log

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17280
Asim Hussain :: ASIMHUSSAIN-PC [administrator]

11/10/2014 12:47:45
mbar-log-2014-10-11 (12-47-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 315098
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR System Log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17280

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 4.013000 GHz
Memory total: 17092059136, free: 13443358720

Downloaded database version: v2014.10.11.04
Downloaded database version: v2014.10.08.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DFA2BF3

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 3907024002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9A12DD7A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 208848 Numsec = 499894602

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 1 (1-2047-500098192-500118192)...
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9E438C40

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 170629120

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 170631168 Numsec = 1066027008

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1236658176 Numsec = 716865536

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here are the logs:

Combofix

ComboFix 14-10-04.01 - Asim Hussain 11/10/2014 18:21:19.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16300.13932 [GMT 1:00]
Running from: c:\users\Asim Hussain\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tooldownloadreadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2014-09-11 to 2014-10-11 )))))))))))))))))))))))))))))))
.
.
2014-10-11 17:31 . 2014-10-11 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-11 12:13 . 2014-10-11 12:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FA8E995-A473-4C1C-8CAE-06E0506FBC37}\offreg.dll
2014-10-11 11:47 . 2014-10-11 11:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-11 11:34 . 2014-10-11 11:40 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-11 11:34 . 2014-10-11 11:34 -------- d-----w- c:\programdata\RogueKiller
2014-10-10 16:08 . 2014-09-15 01:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FA8E995-A473-4C1C-8CAE-06E0506FBC37}\mpengine.dll
2014-10-09 20:13 . 2014-10-09 20:13 296736 ----a-w- c:\windows\system32\drivers\file_tracker.sys
2014-10-09 20:13 . 2014-10-09 20:13 248096 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2014-10-09 20:13 . 2014-10-09 20:13 1328928 ----a-w- c:\windows\system32\drivers\tib.sys
2014-10-09 20:13 . 2014-10-09 20:13 319776 ----a-w- c:\windows\system32\drivers\snapman.sys
2014-10-09 20:13 . 2014-10-09 20:13 126752 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2014-10-09 20:12 . 2014-10-09 20:13 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2014-10-09 20:12 . 2014-10-09 20:12 -------- d-----w- c:\program files (x86)\Acronis
2014-10-08 21:37 . 2014-10-11 16:41 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-08 21:32 . 2014-10-11 11:47 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-08 21:32 . 2014-05-12 06:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-08 21:32 . 2014-10-08 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-08 21:32 . 2014-05-12 06:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-07 23:29 . 2014-10-07 23:29 -------- d-----w- c:\users\Asim Hussain\AppData\Local\Stardock
2014-10-06 21:10 . 2014-10-08 17:12 -------- d-----w- c:\users\Asim Hussain\AppData\Roaming\Steam
2014-10-04 20:34 . 2014-10-08 17:13 -------- d-----w- c:\program files (x86)\WinAVI Video Converter
2014-10-04 19:56 . 2014-10-04 19:56 -------- d-----w- c:\users\Asim Hussain\AppData\Roaming\AMD
2014-10-04 19:24 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\FreeTime
2014-10-04 18:45 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\MagicISO
2014-10-04 18:43 . 2014-10-08 17:13 -------- d-----w- c:\program files (x86)\MKVtoolnix
2014-10-04 18:39 . 2014-10-08 17:13 -------- d-----w- c:\users\Asim Hussain\AppData\Local\www.doom9.net
2014-10-04 18:38 . 2014-10-08 17:13 -------- d-----w- c:\program files (x86)\megui
2014-10-04 18:19 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2014-10-04 18:18 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\DVD Decrypter
2014-10-04 17:39 . 2014-10-08 17:13 -------- d-----w- c:\users\Asim Hussain\AppData\Roaming\WinAVI
2014-10-04 17:39 . 2014-10-07 20:01 -------- d-----w- c:\users\Asim Hussain\AppData\Local\WinAVI
2014-10-04 17:39 . 2014-10-07 21:18 -------- d-----w- c:\program files (x86)\WinAVI
2014-10-04 09:41 . 2014-10-04 09:41 -------- d-----w- c:\programdata\ATI
2014-10-04 09:41 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\AMD AVT
2014-10-01 18:48 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 18:48 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-25 20:50 . 2014-09-25 20:50 -------- d-----w- c:\program files (x86)\SDA
2014-09-24 21:18 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 21:18 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-20 19:02 . 2014-09-20 19:02 -------- d-----w- c:\users\Asim Hussain\AppData\Local\Ahead
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2014-09-15 22:31 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2014-09-15 22:31 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2014-09-15 22:31 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2014-09-15 22:31 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31 . 2014-09-15 22:31 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2014-09-15 22:31 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2014-09-15 22:31 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2014-09-15 22:31 8296296 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-09-15 22:03 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2014-09-15 21:59 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-15 17:21 . 2014-09-15 17:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-09-15 17:19 . 2014-09-15 17:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-09-12 21:18 . 2014-09-12 21:18 3231696 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 22:31 . 2014-04-18 02:43 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-04-18 02:42 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2014-04-18 02:42 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-15 08:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-12 18:52 . 2014-06-28 20:22 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-12 18:52 . 2014-06-28 20:22 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 19:55 . 2014-06-28 19:04 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-05 02:10 . 2014-09-10 19:50 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-10 19:50 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-24 12:37 . 2014-08-05 17:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 02:07 . 2014-08-28 20:02 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 20:02 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 20:02 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-10 20:06 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-10 20:06 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-10 20:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-10 20:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-10 20:06 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-10 20:06 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-10 20:06 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-10 20:06 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-10 20:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-10 20:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-10 20:06 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-10 20:06 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-10 20:07 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-10 20:07 596480 ----a-w- c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-10 20:06 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-10 20:06 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-10 20:07 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-10 20:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-10 20:06 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-10 20:06 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-10 20:06 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-10 20:06 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-10 20:07 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-10 20:06 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-10 20:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-10 20:06 195584 ----a-w- c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-10 20:06 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-10 20:06 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-10 20:06 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-10 20:06 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-10 20:06 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-10 20:06 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-10 20:06 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-10 20:06 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-10 20:06 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-10 20:06 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-10 20:06 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-10 20:06 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-10 20:06 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-10 20:06 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-10 20:06 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-10 20:06 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-08-01 11:53 . 2014-09-10 19:52 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 19:52 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47 . 2014-07-24 22:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-19 23:10 . 2014-07-19 23:10 901848 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-07-19 23:10 . 2014-07-19 23:10 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-07-19 23:10 . 2014-06-28 19:15 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-07-19 23:08 . 2014-07-19 23:08 871856 ----a-w- c:\windows\system32\tossaeapo64.dll
2014-07-19 23:08 . 2014-07-19 23:08 2157704 ----a-w- c:\windows\system32\YamahaAE.dll
2014-07-19 23:08 . 2014-07-19 23:08 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-07-19 23:08 . 2014-07-19 23:08 162224 ----a-w- c:\windows\system32\toseaeapo64.dll
2014-07-19 23:08 . 2014-07-19 23:08 582056 ----a-w- c:\windows\system32\tosasfapo64.dll
2014-07-19 23:08 . 2014-07-19 23:08 947760 ----a-w- c:\windows\system32\SFSS_APO.dll
2014-07-19 23:08 . 2014-07-19 23:08 899320 ----a-w- c:\windows\system32\sl3apo64.dll
2014-07-19 23:08 . 2014-07-19 23:08 724728 ----a-w- c:\windows\system32\sltech64.dll
2014-07-19 23:08 . 2014-07-19 23:08 245496 ----a-w- c:\windows\system32\slprp64.dll
2014-07-19 23:08 . 2014-07-19 23:08 1045752 ----a-w- c:\windows\system32\slcnt64.dll
2014-07-19 23:08 . 2014-07-19 23:08 3872984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-07-19 23:08 . 2014-07-19 23:08 2825432 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-07-19 23:08 . 2014-07-19 23:08 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-07-19 23:08 . 2014-07-19 23:08 624344 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-07-19 23:08 . 2014-07-19 23:08 2792152 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-07-19 23:08 . 2014-07-19 23:08 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2014-07-19 23:08 . 2014-07-19 23:08 1024216 ----a-w- c:\windows\system32\RtkApi64.dll
2014-07-19 23:08 . 2014-07-19 23:08 56270848 ----a-w- c:\windows\system32\RCoRes64.dat
2014-07-19 23:08 . 2014-07-19 23:08 946392 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-07-19 23:08 . 2014-07-19 23:08 942384 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-07-19 23:08 . 2014-07-19 23:08 906800 ----a-w- c:\windows\system32\MISS_APO.dll
2014-07-19 23:08 . 2014-07-19 23:08 75024 ----a-w- c:\windows\system32\R4EEG64A.dll
2014-07-19 23:08 . 2014-07-19 23:08 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll
2014-07-19 23:08 . 2014-07-19 23:08 662784 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2014-07-19 23:08 . 2014-07-19 23:08 5752072 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll
2014-07-19 23:08 . 2014-07-19 23:08 434960 ----a-w- c:\windows\system32\R4EED64A.dll
2014-07-19 23:08 . 2014-07-19 23:08 141584 ----a-w- c:\windows\system32\R4EEL64A.dll
2014-07-19 23:08 . 2014-07-19 23:08 124176 ----a-w- c:\windows\system32\R4EEA64A.dll
2014-07-19 23:08 . 2014-07-19 23:08 12793944 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll
2014-07-19 23:08 . 2014-07-19 23:08 938608 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll
2014-07-19 23:08 . 2014-07-19 23:08 3923032 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
2014-07-19 23:08 . 2014-07-19 23:08 28310104 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2014-07-19 23:08 . 2014-07-19 23:08 1313904 ----a-w- c:\windows\system32\MaxxSpeechAPO64.dll
2014-07-19 23:08 . 2014-07-19 23:08 14737496 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-07-19 23:08 . 2014-07-19 23:08 790272 ----a-w- c:\windows\SysWow64\MaxxAudioAPOShell.dll
2014-07-19 23:08 . 2014-07-19 23:08 663296 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2014-07-19 23:08 . 2014-07-19 23:08 2319960 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll
2014-07-19 23:08 . 2014-07-19 23:08 2037336 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-06-30 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-06-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-12 08:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-12 08:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-12 08:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 wampapache64;wampapache64;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
R3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 20:02 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 21:56]
.
2014-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 21:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 19:30 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2014-09-09 12:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2014-09-09 12:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2014-09-09 12:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-19 7541976]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-07416159.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2014-10-11 18:36:15
ComboFix-quarantined-files.txt 2014-10-11 17:36
.
Pre-Run: 124,730,638,336 bytes free
Post-Run: 124,236,443,648 bytes free
.
- - End Of File - - 3F2481CE86CBD4A8D90EBAF67B6DEE96
5FB38429D5D77768867C76DCBDB35194

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/11/2014 06:42:36 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Asim Hussain\Desktop\rkill\rkill-10-11-2014-06-42-37.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 1,008,640 : 06/30/2014 09:43 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833,024 : 06/30/2014 09:43 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 04:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 04:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/11/2014 06:42:55 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
 
Looks good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Sorry about delay. Here are logs.

# AdwCleaner v3.311 - Report created 11/10/2014 at 23:42:48
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Asim Hussain - ASIMHUSSAIN-PC
# Running from : C:\Users\Asim Hussain\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-GB)

[ File : C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\1js4aggt.default\prefs.js ]


[ File : C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1923 octets] - [11/10/2014 20:35:39]
AdwCleaner[R1].txt - [1216 octets] - [11/10/2014 23:41:31]
AdwCleaner[S0].txt - [2004 octets] - [11/10/2014 20:37:00]
AdwCleaner[S1].txt - [1137 octets] - [11/10/2014 23:42:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1197 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Ultimate x64
Ran by Asim Hussain on 11/10/2014 at 23:45:17.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/10/2014 at 0:07:41.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by Asim Hussain (administrator) on ASIMHUSSAIN-PC on 12-10-2014 00:10:06
Running from C:\Users\Asim Hussain\Desktop
Loaded Profile: Asim Hussain (Available profiles: Asim Hussain)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2014-07-20] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3286673083-1926705729-2674503367-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF00EC7980593CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: NASA Night Launch - C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\Extensions\nasanightlaunch@example.com.xpi [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-30]
CHR Extension: (Google Drive) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (MEGA) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-30]
CHR Extension: (Adblock Plus) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-30]
CHR Extension: (Google Search) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-30]
CHR Extension: (Lamborghini) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiefegoncbfdemobfpaldfapbfiinmeo [2014-06-30]
CHR Extension: (avast! Online Security) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-01]
CHR Extension: (Hangouts) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR Extension: (Gmail) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-28] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2014-10-09] (Acronis International GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2014-10-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248096 2014-10-09] (Acronis International GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 00:10 - 2014-10-12 00:10 - 00016229 _____ () C:\Users\Asim Hussain\Desktop\FRST.txt
2014-10-12 00:09 - 2014-10-12 00:10 - 00000000 ____D () C:\FRST
2014-10-12 00:08 - 2014-10-12 00:08 - 00000628 _____ () C:\Users\Asim Hussain\Documents\JRT.txt
2014-10-12 00:07 - 2014-10-12 00:07 - 00000628 _____ () C:\Users\Asim Hussain\Desktop\JRT.txt
2014-10-11 23:44 - 2014-10-11 23:44 - 00001277 _____ () C:\Users\Asim Hussain\Documents\AdwCleaner[S1].txt
2014-10-11 23:40 - 2014-10-11 23:40 - 00037945 _____ () C:\ComboFix.txt
2014-10-11 23:17 - 2014-10-11 23:23 - 00000000 ____D () C:\Users\Asim Hussain\Desktop\mbar
2014-10-11 23:10 - 2014-10-11 12:33 - 15677528 _____ () C:\Users\Asim Hussain\Desktop\RogueKiller.exe
2014-10-11 23:09 - 2014-10-11 23:09 - 15677528 _____ () C:\Users\Asim Hussain\Downloads\RogueKiller(1).exe
2014-10-11 20:45 - 2014-10-11 20:45 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 20:35 - 2014-10-11 23:42 - 00000000 ____D () C:\AdwCleaner
2014-10-11 20:34 - 2014-10-11 20:34 - 02109952 _____ (Farbar) C:\Users\Asim Hussain\Desktop\FRST64.exe
2014-10-11 20:34 - 2014-10-11 20:34 - 01705755 _____ (Thisisu) C:\Users\Asim Hussain\Desktop\JRT.exe
2014-10-11 20:33 - 2014-10-11 20:33 - 01375089 _____ () C:\Users\Asim Hussain\Desktop\adwcleaner_3.311.exe
2014-10-11 18:49 - 2014-10-11 23:43 - 00001638 _____ () C:\Windows\PFRO.log
2014-10-11 18:49 - 2014-10-11 23:43 - 00000224 _____ () C:\Windows\setupact.log
2014-10-11 18:49 - 2014-10-11 18:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-11 18:42 - 2014-10-11 18:42 - 00003868 _____ () C:\Users\Asim Hussain\Desktop\Rkill.txt
2014-10-11 18:42 - 2014-10-11 18:42 - 00000000 ____D () C:\Users\Asim Hussain\Desktop\rkill
2014-10-11 18:41 - 2014-10-11 18:41 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Asim Hussain\Desktop\rkill(1).exe
2014-10-11 18:19 - 2014-10-11 23:41 - 00000000 ____D () C:\Qoobox
2014-10-11 18:19 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-11 18:19 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-11 18:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-11 18:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-11 18:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-11 18:19 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-11 18:19 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-11 18:19 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-11 18:18 - 2014-10-11 18:32 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 18:17 - 2014-10-11 18:15 - 05582481 ____R (Swearware) C:\Users\Asim Hussain\Desktop\ComboFix.exe
2014-10-11 18:15 - 2014-10-11 18:15 - 05582481 _____ (Swearware) C:\Users\Asim Hussain\Downloads\ComboFix.exe
2014-10-11 12:47 - 2014-10-11 23:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-11 12:46 - 2014-10-11 12:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Asim Hussain\Desktop\mbar-1.07.0.1012.exe
2014-10-11 12:43 - 2014-10-11 12:43 - 00005191 _____ () C:\Users\Asim Hussain\Documents\RKreport_DEL_10112014_124301.log
2014-10-11 12:34 - 2014-10-11 23:10 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-11 12:34 - 2014-10-11 12:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-11 12:33 - 2014-10-11 12:33 - 15677528 _____ () C:\Users\Asim Hussain\Downloads\RogueKiller.exe
2014-10-10 18:46 - 2014-10-10 18:47 - 905593193 _____ () C:\Users\Asim Hussain\Downloads\Finger Family _ More Nursery Rhymes! _ 1 hour! _ 33 Videos! _ 3D Animation in HD.mp4
2014-10-10 11:38 - 2014-10-10 11:38 - 00688992 _____ (Swearware) C:\Users\Asim Hussain\Downloads\dds.com
2014-10-10 11:26 - 2014-10-10 11:26 - 00001063 _____ () C:\Users\Asim Hussain\Documents\MBAM.txt
2014-10-10 11:19 - 2014-10-10 11:19 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-10-09 22:46 - 2014-10-09 22:46 - 00000000 ____D () C:\Users\Asim Hussain\Documents\My Cheat Tables
2014-10-09 22:45 - 2014-10-07 20:04 - 04244992 _____ () C:\Users\Asim Hussain\Downloads\Alien Isolation V1.00 Trainer +4 MrAntiFun B.EXE
2014-10-09 22:37 - 2014-10-09 22:37 - 00159993 _____ () C:\Users\Asim Hussain\Documents\bookmarks-2014-10-09.json
2014-10-09 22:37 - 2014-10-09 22:37 - 00000000 ____D () C:\Users\Asim Hussain\Desktop\Old Firefox Data
2014-10-09 22:35 - 2014-10-09 22:35 - 04088554 _____ () C:\Users\Asim Hussain\Downloads\Alien Isolation V1.00 Trainer +4 MrAntiFun B.zip
2014-10-09 21:17 - 2014-10-09 21:18 - 521338880 _____ () C:\Users\Asim Hussain\Downloads\AcronisBootableMedia.iso
2014-10-09 21:16 - 2014-10-09 21:16 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Acronis
2014-10-09 21:13 - 2014-10-09 21:13 - 01328928 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2014-10-09 21:13 - 2014-10-09 21:13 - 00319776 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2014-10-09 21:13 - 2014-10-09 21:13 - 00296736 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2014-10-09 21:13 - 2014-10-09 21:13 - 00248096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2014-10-09 21:13 - 2014-10-09 21:13 - 00126752 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2014-10-09 21:13 - 2014-10-09 21:13 - 00001226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk
2014-10-09 21:13 - 2014-10-09 21:13 - 00001214 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk
2014-10-09 21:13 - 2014-10-09 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-10-09 21:12 - 2014-10-09 21:29 - 00000000 ____D () C:\ProgramData\Acronis
2014-10-09 21:12 - 2014-10-09 21:12 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-10-09 20:46 - 2014-10-09 20:46 - 02409186 _____ () C:\Users\Asim Hussain\Documents\AccessEnum.txt
2014-10-09 20:44 - 2014-10-09 20:44 - 00051139 _____ () C:\Users\Asim Hussain\Downloads\AccessEnum.zip
2014-10-09 20:44 - 2006-11-01 13:06 - 00174968 _____ (Sysinternals - www.sysinternals.com) C:\Users\Asim Hussain\Desktop\AccessEnum.exe
2014-10-09 20:37 - 2014-10-09 20:37 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-10-08 22:37 - 2014-10-11 23:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 22:32 - 2014-10-11 23:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-08 22:32 - 2014-10-08 22:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-08 22:32 - 2014-10-08 22:32 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-08 22:32 - 2014-10-08 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-08 22:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-08 22:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-08 22:29 - 2014-10-08 22:30 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Asim Hussain\Downloads\stopzilla2.exe
2014-10-08 22:29 - 2014-10-08 18:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Asim Hussain\Downloads\stopzilla.exe
2014-10-08 21:43 - 2014-10-08 21:43 - 02347384 _____ (ESET) C:\Users\Asim Hussain\Downloads\esetsmartinstaller_enu.exe
2014-10-08 19:27 - 2014-10-08 19:27 - 00004800 _____ () C:\Users\Asim Hussain\Documents\Rkill2.txt
2014-10-08 19:25 - 2014-10-08 19:25 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Asim Hussain\Downloads\rkill.exe
2014-10-08 19:23 - 2014-10-08 19:23 - 00005560 _____ () C:\Users\Asim Hussain\Documents\Rkill.txt
2014-10-08 19:20 - 2014-10-08 19:20 - 00000806 _____ () C:\Users\Asim Hussain\Downloads\FixExe.reg
2014-10-08 18:57 - 2014-10-08 18:57 - 04872677 _____ () C:\Users\Asim Hussain\Downloads\mbam-chameleon-3.1.4.0.zip
2014-10-08 18:17 - 2014-10-08 18:17 - 19814952 _____ (SUPERAntiSpyware) C:\Users\Asim Hussain\Downloads\SUPERAntiSpyware.exe
2014-10-08 00:57 - 2014-10-08 00:57 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Asim Hussain\Downloads\mbam-clean-2.1.1.1001(1).exe
2014-10-08 00:53 - 2014-10-08 00:54 - 304410624 _____ () C:\Users\Asim Hussain\Downloads\kav_rescue_10.iso
2014-10-08 00:38 - 2014-10-08 00:39 - 00197412 _____ () C:\Users\Asim Hussain\Downloads\mbam-setup-2.0.1.1004.rar
2014-10-08 00:29 - 2014-10-08 00:29 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Stardock
2014-10-07 20:51 - 2014-10-11 23:47 - 00337205 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 20:14 - 2014-10-07 20:14 - 00000000 ____H () C:\Users\Asim Hussain\Documents\Default.rdp
2014-10-06 22:10 - 2014-10-08 18:12 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Steam
2014-10-06 22:08 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Isolation
2014-10-06 22:08 - 2014-10-06 22:08 - 00000658 _____ () C:\Users\Asim Hussain\Desktop\Alien Isolation.lnk
2014-10-06 15:18 - 2014-10-06 15:18 - 230181365 _____ () C:\Users\Asim Hussain\Downloads\PlayStation 3 Slim Reassembly.mp4
2014-10-06 14:36 - 2014-10-06 14:37 - 335988774 _____ () C:\Users\Asim Hussain\Downloads\How To Open A PS3 Slim.mp4
2014-10-04 21:34 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
2014-10-04 21:34 - 2014-10-08 18:13 - 00000000 ____D () C:\Program Files (x86)\WinAVI Video Converter
2014-10-04 21:34 - 2014-10-04 21:34 - 00001014 _____ () C:\Users\Asim Hussain\Desktop\WinAVI Video Converter.lnk
2014-10-04 20:56 - 2014-10-04 20:56 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\AMD
2014-10-04 20:25 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-10-04 20:25 - 2014-10-04 20:25 - 00001211 _____ () C:\Users\Asim Hussain\Desktop\Format Factory.lnk
2014-10-04 20:24 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-10-04 19:45 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-10-04 19:45 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\MagicISO
2014-10-04 19:45 - 2014-10-04 19:45 - 00001812 _____ () C:\Users\Asim Hussain\Desktop\MagicISO.lnk
2014-10-04 19:45 - 2014-10-04 19:45 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-10-04 19:43 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVtoolnix
2014-10-04 19:43 - 2014-10-08 18:13 - 00000000 ____D () C:\Program Files (x86)\MKVtoolnix
2014-10-04 19:43 - 2014-10-04 19:43 - 00001901 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
2014-10-04 19:40 - 2014-10-04 19:40 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeGUI
2014-10-04 19:39 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\www.doom9.net
2014-10-04 19:38 - 2014-10-08 18:13 - 00000000 ____D () C:\Program Files (x86)\megui
2014-10-04 19:19 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeGUI
2014-10-04 19:19 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-10-04 19:19 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-10-04 19:19 - 2014-10-04 19:19 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-10-04 19:18 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
2014-10-04 19:18 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\DVD Decrypter
2014-10-04 19:18 - 2014-10-04 19:18 - 00001985 _____ () C:\Users\Public\Desktop\DVD Decrypter.lnk
2014-10-04 18:43 - 2014-10-07 22:18 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI All-in-One Converter
2014-10-04 18:39 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\WinAVI
2014-10-04 18:39 - 2014-10-07 22:18 - 00000000 ____D () C:\Program Files (x86)\WinAVI
2014-10-04 18:39 - 2014-10-07 21:01 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\WinAVI
2014-10-04 13:00 - 2014-10-04 13:00 - 50649660 _____ () C:\Users\Asim Hussain\Downloads\How to create a Time Lapse in all versions Sony Vegas!.mp4
2014-10-04 12:21 - 2014-10-04 12:21 - 07561216 _____ () C:\Users\Asim Hussain\Downloads\jeboo_kernel_i9100_v1-2a.tar
2014-10-04 10:41 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-04 10:41 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-04 10:41 - 2014-10-04 10:41 - 00000000 ____D () C:\ProgramData\ATI
2014-10-04 10:40 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-04 10:40 - 2014-10-04 10:40 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201410041040513503.log
2014-10-04 01:10 - 2014-10-04 01:10 - 145432164 _____ () C:\Users\Asim Hussain\Downloads\MUST SEE! The World's BIGGEST KILLER - Alcohol.mp4
2014-10-04 00:59 - 2014-10-04 00:59 - 217680841 _____ () C:\Users\Asim Hussain\Downloads\SHOCKING MUST SEE! WHY Eating PORK is BAD For HUMANS - Pork.mp4
2014-10-03 23:32 - 2014-10-03 23:32 - 80227266 _____ () C:\Users\Asim Hussain\Downloads\How I came to Islam - Anthony became Abdurraheem Green.mp4
2014-10-02 19:34 - 2014-10-02 19:34 - 29560000 _____ () C:\Users\Asim Hussain\Downloads\Pes_2015_New_Skill_-_Control_Dummy_Tutorial.mp4
2014-10-01 20:52 - 2014-10-01 20:52 - 04965896 _____ (Piriform Ltd) C:\Users\Asim Hussain\Downloads\ccsetup418(1).exe
2014-10-01 19:48 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 19:48 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 22:20 - 2014-09-28 22:20 - 04427806 _____ () C:\Users\Asim Hussain\Downloads\Bruteforce_Save_Data_v4.4.2.rar
2014-09-28 22:13 - 2014-09-15 11:49 - 00000000 ____D () C:\Users\Asim Hussain\Downloads\PS3
2014-09-28 22:12 - 2014-09-28 22:13 - 52460304 _____ () C:\Users\Asim Hussain\Downloads\PS3.rar
2014-09-28 19:14 - 2014-09-28 19:16 - 52459266 _____ () C:\Users\Asim Hussain\Downloads\PES_2015_-_Play_Like_Messi.mp4
2014-09-28 17:41 - 2014-06-07 19:45 - 00000616 _____ () C:\Users\Asim Hussain\Documents\phpmyadmin.conf
2014-09-28 17:26 - 2014-09-28 17:26 - 45743183 _____ () C:\Users\Asim Hussain\Downloads\PES 2014 New Skills Tutorial (Advanced)(1).mp4
2014-09-27 18:45 - 2014-09-27 18:45 - 820773845 _____ () C:\Users\Asim Hussain\Downloads\I9300XXUGMK6.zip
2014-09-27 18:43 - 2014-09-27 18:44 - 06214085 _____ () C:\Users\Asim Hussain\Downloads\XXUGMK6_Stock_Kernel_CWM.zip
2014-09-27 18:42 - 2014-09-27 18:45 - 25312730 _____ () C:\Users\Asim Hussain\Downloads\update.zip
2014-09-27 18:42 - 2014-09-27 18:43 - 05022536 _____ () C:\Users\Asim Hussain\Downloads\modem_I9300XXUGMK6.zip
2014-09-27 16:15 - 2014-09-27 16:15 - 45743183 _____ () C:\Users\Asim Hussain\Downloads\PES 2014 New Skills Tutorial (Advanced).mp4
2014-09-27 15:12 - 2014-09-27 15:12 - 28552839 _____ () C:\Users\Asim Hussain\Downloads\The Wheels On The Bus _ Nursery Rhymes _ HD Version.mp4
2014-09-27 11:47 - 2014-09-27 11:47 - 04964488 _____ (Piriform Ltd) C:\Users\Asim Hussain\Downloads\ccsetup418.exe
2014-09-25 23:05 - 2014-09-25 23:05 - 34703431 _____ () C:\Users\Asim Hussain\Documents\PES and Fifa Youtube Art Channel Template.psd
2014-09-25 22:13 - 2014-09-25 22:14 - 16601549 _____ () C:\Users\Asim Hussain\Downloads\PES and Fifa Youtube Art Channel Template.rar
2014-09-25 21:50 - 2014-09-25 21:50 - 00002095 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2014-09-25 21:50 - 2014-09-25 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2014-09-25 21:50 - 2014-09-25 21:50 - 00000000 ____D () C:\Program Files (x86)\SDA
2014-09-25 21:49 - 2014-09-25 21:49 - 06286748 _____ () C:\Users\Asim Hussain\Downloads\SDFormatterv4.zip
2014-09-24 22:18 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 22:18 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 16:05 - 2014-09-21 16:11 - 640084978 _____ () C:\Users\Asim Hussain\Downloads\Final patch.rar
2014-09-21 15:29 - 2014-09-21 15:30 - 778960307 _____ () C:\Users\Asim Hussain\Downloads\ABC Song _ ABC Songs and More Nursery Rhymes! _ 30 Videos _ 51 Minutes Long _ 3D Animations in HD.mp4
2014-09-20 20:02 - 2014-09-20 20:02 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Ahead
2014-09-19 22:36 - 2014-09-19 22:36 - 107363934 _____ () C:\Users\Asim Hussain\Downloads\PES_2015_-_Gameplay_Compilation_2.mp4
2014-09-19 22:30 - 2014-09-19 22:30 - 75840979 _____ () C:\Users\Asim Hussain\Downloads\PES 2014 - Best Goals Compilation 2.mp4
2014-09-15 23:32 - 2014-09-15 23:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-15 23:32 - 2014-09-15 23:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-15 23:32 - 2014-09-15 23:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-15 23:32 - 2014-09-15 23:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-09-15 23:31 - 2014-09-15 23:31 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-09-15 23:29 - 2014-09-15 23:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-15 23:26 - 2014-09-15 23:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-15 23:18 - 2014-09-15 23:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-09-15 23:18 - 2014-09-15 23:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-15 23:17 - 2014-09-15 23:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-15 23:17 - 2014-09-15 23:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-15 23:17 - 2014-09-15 23:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-15 23:17 - 2014-09-15 23:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-15 23:17 - 2014-09-15 23:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-15 23:16 - 2014-09-15 23:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-15 23:16 - 2014-09-15 23:16 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-15 23:13 - 2014-09-15 23:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-15 23:09 - 2014-09-15 23:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-15 23:09 - 2014-09-15 23:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-15 23:09 - 2014-09-15 23:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-15 23:09 - 2014-09-15 23:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-15 23:09 - 2014-09-15 23:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-15 23:08 - 2014-09-15 23:08 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-15 23:07 - 2014-09-15 23:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-15 23:07 - 2014-09-15 23:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-15 23:07 - 2014-09-15 23:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-15 23:07 - 2014-09-15 23:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-15 23:07 - 2014-09-15 23:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-15 23:07 - 2014-09-15 23:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-15 23:07 - 2014-09-15 23:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-15 23:07 - 2014-09-15 23:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-15 23:07 - 2014-09-15 23:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-15 23:06 - 2014-09-15 23:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-15 23:05 - 2014-09-15 23:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-15 23:03 - 2014-09-15 23:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-15 23:03 - 2014-09-15 23:03 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-09-15 23:03 - 2014-09-15 23:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-09-15 23:03 - 2014-09-15 23:03 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-09-15 23:03 - 2014-09-15 23:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-15 23:03 - 2014-09-15 23:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-15 23:03 - 2014-09-15 23:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-15 23:03 - 2014-09-15 23:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-15 22:59 - 2014-09-15 22:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-15 22:59 - 2014-09-15 22:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-15 22:58 - 2014-09-15 22:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-15 18:21 - 2014-09-15 18:21 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-09-15 18:19 - 2014-09-15 18:19 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-09-14 14:47 - 2014-09-14 14:47 - 550994685 _____ () C:\Users\Asim Hussain\Downloads\Destiny Walkthrough Part 3 - The Moon The Dark Beyond (Let's Play Commentary).mp4
2014-09-14 14:19 - 2014-09-14 14:20 - 546829050 _____ () C:\Users\Asim Hussain\Downloads\Destiny Walkthrough Part 2 - The Last Array (Let's Play Commentary).mp4
2014-09-12 21:19 - 2014-09-12 21:20 - 239717062 _____ () C:\Users\Asim Hussain\Downloads\Playtest PES 2015 Humano vs CPU WinningElevenblog.es.mp4
2014-09-12 19:59 - 2014-09-12 19:59 - 398626790 _____ () C:\Users\Asim Hussain\Downloads\Football's Greatest - Andres Iniesta (HD).mp4
2014-09-12 19:50 - 2014-09-12 19:50 - 70064607 _____ () C:\Users\Asim Hussain\Downloads\FIFA_15_-_Official_TV_Commercial.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 00:01 - 2014-06-30 22:56 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 23:50 - 2009-07-14 06:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-11 23:44 - 2014-06-30 22:56 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 23:43 - 2014-06-28 20:29 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-11 23:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 23:36 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-11 22:57 - 2014-06-28 21:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-11 18:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-10-11 12:38 - 2014-06-28 20:13 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2014-10-10 18:23 - 2014-06-28 22:04 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Winamp
2014-10-10 12:42 - 2014-06-28 20:05 - 00000000 ____D () C:\Users\Asim Hussain
2014-10-10 12:15 - 2014-06-28 21:06 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\uTorrent
2014-10-10 12:14 - 2014-09-09 21:48 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Skype
2014-10-09 19:41 - 2014-07-19 23:28 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\IObit
2014-10-09 19:31 - 2014-06-29 14:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-09 18:48 - 2014-07-04 21:40 - 00000000 ____D () C:\Users\Asim Hussain\Downloads\Every 4 Years Patch
2014-10-08 22:35 - 2014-06-28 23:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-08 18:13 - 2014-07-19 23:42 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\ProductData
2014-10-08 18:13 - 2014-07-19 23:29 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-08 18:13 - 2014-07-19 23:29 - 00000000 ____D () C:\ProgramData\IObit
2014-10-08 18:13 - 2014-06-29 16:32 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\mIRC
2014-10-08 18:13 - 2014-06-28 23:31 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-10-08 18:13 - 2014-06-28 22:51 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-10-08 18:13 - 2014-06-28 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-08 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-08 18:12 - 2014-06-28 20:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-08 18:12 - 2014-06-28 20:53 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-10-08 18:12 - 2014-06-28 20:52 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-08 18:12 - 2014-06-28 20:21 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-08 18:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-08 01:09 - 2014-07-03 23:17 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\CrashDumps
2014-10-07 22:24 - 2014-06-28 20:50 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Mozilla
2014-10-07 20:50 - 2014-06-28 22:56 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\DAEMON Tools Lite
2014-10-07 20:08 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 20:08 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 10:41 - 2014-06-28 20:25 - 00000000 ____D () C:\ProgramData\AMD
2014-10-04 10:36 - 2014-06-28 20:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-04 10:34 - 2014-06-28 20:20 - 00000000 ____D () C:\AMD
2014-10-03 16:47 - 2014-06-29 19:01 - 00000000 ____D () C:\Users\Asim Hussain\.dreamstream
2014-10-02 22:43 - 2014-06-28 21:55 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-01 20:52 - 2014-06-28 21:55 - 00000791 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-01 20:52 - 2014-06-28 21:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-26 21:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 19:49 - 2014-06-28 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 19:49 - 2009-07-14 05:45 - 05267600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-25 22:24 - 2014-07-13 19:27 - 00001456 _____ () C:\Users\Asim Hussain\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-25 22:15 - 2014-06-28 20:26 - 00151072 _____ () C:\Users\Asim Hussain\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-25 21:49 - 2014-07-20 12:55 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Downloaded Installations
2014-09-25 21:04 - 2014-06-30 22:56 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 20:34 - 2014-06-28 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 13:18 - 2014-08-01 21:20 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\UseNeXT
2014-09-21 13:17 - 2014-08-01 21:20 - 00000000 ____D () C:\Users\Asim Hussain\Documents\UseNeXT
2014-09-20 20:26 - 2014-08-17 17:00 - 00000000 ___RD () C:\Users\Asim Hussain\Dropbox
2014-09-20 20:09 - 2014-07-10 19:43 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Dropbox
2014-09-20 20:08 - 2014-08-17 17:00 - 00001052 _____ () C:\Users\Asim Hussain\Desktop\Dropbox.lnk
2014-09-20 20:08 - 2014-07-10 19:43 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 23:31 - 2014-04-18 03:43 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-09-15 23:31 - 2014-04-18 03:42 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-09-15 23:31 - 2014-04-18 03:42 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-09-15 09:06 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 00:02 - 2014-08-30 19:32 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Adobe
2014-09-12 19:52 - 2014-06-28 21:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-12 19:52 - 2014-06-28 21:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Asim Hussain\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 15:46

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by Asim Hussain at 2014-10-12 00:10:40
Running from C:\Users\Asim Hussain\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acronis True Image 2015 (HKLM-x32\...\{860998A8-3FAE-4589-A974-CE3199F64758}Visible) (Version: 18.0.5539 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.5539 - Acronis) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation_is1) (Version: - )
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS Bluetooth Suite (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.60 - ASUS Communications)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version: - Microsoft)
DreamStream E2 (HKLM-x32\...\845CCCCA-B77C-43EA-9A43-62DACEA4F902) (Version: 0.4.0 (Beta 14a) - Thomas "LazyT" Löwe)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IconPackager (HKLM-x32\...\IconPackager) (Version: - Stardock Corporation)
IconPackager (x32 Version: 5.00 - Stardock Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
K-Lite Mega Codec Pack 10.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
Magic ISO Maker v5.5 (build 0265) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MeGUI modern media encoder (remove only) (HKLM-x32\...\MeGUI modern media encoder) (Version: 0.3.1.1028 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MKVtoolnix 2.8.0 (HKLM-x32\...\MKVtoolnix) (Version: 2.8.0 - Moritz Bunkus)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mp3tag v2.60 (HKLM-x32\...\Mp3tag) (Version: v2.60 - Florian Heidenreich)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51033}) (Version: 8.10.21 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
Pro Evolution Soccer 6 (HKLM-x32\...\InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}) (Version: 1.00.0000 - KONAMI)
Pro Evolution Soccer 6 (x32 Version: 1.00.0000 - KONAMI) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TViXiE (HKLM-x32\...\{D3011DCB-8E76-46DC-B643-97DFA381DBB3}) (Version: 1.3.3 - Mathias Johansson)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
Winamp (HKLM-x32\...\Winamp) (Version: 5.5 - Nullsoft, Inc)
WinAVI Video Converter (HKLM-x32\...\WinAVI Video Converter 10.0_is1) (Version: - ZJ Computing,Inc.)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-10-2014 21:17:22 Restore Operation
07-10-2014 21:22:14 avast! antivirus system restore point
07-10-2014 21:22:46 Restore Operation
07-10-2014 21:34:54 avast! antivirus system restore point
08-10-2014 00:11:21 Windows Update
08-10-2014 17:11:01 Restore Operation
08-10-2014 18:32:06 Windows Update
09-10-2014 19:18:08 Windows Restore 09102014
09-10-2014 19:44:06 Installed Windows Resource Kit Tools - SubInAcl.exe
11-10-2014 11:45:38 Before Malwarebytes Rootkit
11-10-2014 22:16:28 Anti Malware Rootkit scan

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-11 18:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01765A31-5E83-48EC-B196-1696CB62DC48} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-28] ()
Task: {463F6942-3BF7-45CB-99C0-D972430E0590} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {52265CCA-BCEA-43A8-BF38-DFB55AB874AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {65597A06-D396-4BCD-A904-F7373DE19960} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A67869CC-6D39-4A5D-B79B-D31872FF28F0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {C4AD1EA3-0C77-4C8C-8F1C-2E7A4FCCB5A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EE245385-6C1F-4190-B1DB-99C72FE1404C} - System32\Tasks\AdobeAAMUpdater-1.0-AsimHussain-PC-Asim Hussain => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {F1B193E3-2E94-4B39-AFCE-BE370B8D2A78} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {F3C0002E-6065-49F4-8533-87E6C3D27F9C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {F696BB44-AD48-4F52-8132-81DEB4A3C2D3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {F787BA60-B3BD-4D97-91AB-83DDE4E308CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-06-29 14:18 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-28 21:32 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-07-09 20:30 - 2014-07-09 20:30 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-11 20:38 - 2014-10-11 20:38 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101101\algo.dll
2014-08-12 09:55 - 2014-08-12 09:55 - 08894120 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-29 14:18 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-07-09 20:30 - 2014-07-09 20:30 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-28 20:50 - 2014-09-25 20:34 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-09 13:00 - 2014-09-09 13:00 - 00023576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: KMSServerService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: TunMirror => 2
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_8AB6A447ACEFAE8847B8C9E0EF8772DA => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Asim Hussain\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-3286673083-1926705729-2674503367-500 - Administrator - Disabled)
Asim Hussain (S-1-5-21-3286673083-1926705729-2674503367-1000 - Administrator - Enabled) => C:\Users\Asim Hussain
Guest (S-1-5-21-3286673083-1926705729-2674503367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3286673083-1926705729-2674503367-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-10-11 18:30:37.571
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-11 18:30:37.509
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 14%
Total physical RAM: 16300.26 MB
Available physical RAM: 13885.87 MB
Total Pagefile: 32598.7 MB
Available Pagefile: 29939.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:238.37 GB) (Free:115.91 GB) NTFS
Drive d: (2TB Drive) (Fixed) (Total:1863.01 GB) (Free:163.47 GB) NTFS
Drive e: (Windows 8) (Fixed) (Total:81.36 GB) (Free:38.34 GB) NTFS
Drive f: (Video Editing) (Fixed) (Total:508.32 GB) (Free:187.76 GB) NTFS
Drive g: (Programs & Pictures) (Fixed) (Total:341.83 GB) (Free:123.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0DFA2BF3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9A12DD7A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E438C40)
Partition 1: (Not Active) - (Size=81.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=508.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    268 bytes · Views: 5
Here you go mate.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-10-2014
Ran by Asim Hussain at 2014-10-12 11:04:33 Run:1
Running from C:\Users\Asim Hussain\Desktop
Loaded Profile: Asim Hussain (Available profiles: Asim Hussain)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Asim Hussain\AppData\Local\Temp\Quarantine.exe
RemoveDirectory: C:\Program Files (x86)\IObit
*****************

LiveUpdateSvc => Service deleted successfully.
catchme => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Asim Hussain\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Program Files (x86)\IObit" => File/Directory not found.

==== End of Fixlog ====

I have uninstalled Advanced system care after you asked me to remove in your first post.
 
Broni I am facing this same problem as before. I have to give permission to certain folder in program files (admin right) even though I am admin.

For e.g. IOBIT folder in program data was not deleted after uninstalling all advanced system care programs. For me to uninstall ASC I had to give full permission to the folder before uninstall.

I am seeing $Recyclebin folder on all my hardrives and Program data is also visible I thought both of these were hidden.

It looks like permission were tempered with after I had this Virus/Malware/Trojen attack.

How can I fix all these issues. I appreciate you helping surely I will donate for ur efforts.
 
Both folders are hidden system folders and as such they WILL need special permissions in order to make any changes there.
Open Windows Explorer. Go Tools>Folder Options>View tab , put a checkmark next to Don't show hidden files, and folders, checkmark Hide protected operating system files.
Restart Windows Explorer.

How is computer doing?

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
      [/LIST]
      [*]Check [I]"YES, I accept the Terms of Use."[/I]
      [*]Click the [b]Start[/b] button.
      [*]Accept any security warnings from your browser.[/*]
      [*]Check [I]"Enable detection of potentially unwanted applications"[/I].
      [*]Click [I]Advanced settings[/I] and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark [I]"Use custom proxy settings"[/I]
      [*]Click the [b]Start[/b] button.
      [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      [*]When the scan completes, click [b]List Threats[/b][/*]
      [*]Click [b]Export[/b], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      [*]Click the [b]Back[/b] button.
      [*]Click the [b]Finish[/b] button.
      [/LIST]
 
System is stable now. Its just these issues now I am facing.

Problem with recycle bin showing and program data showing even thorugh "Hide protected operating system files" was ticked I dont understand why they are not hidden. I have manaully hidden them now. Is that okay? I will post logs when ESET scanner finishes its scan.
 
Hi Baroni. I have left my pc on overnight to let est to finish its scan. I am at work now. Est is finished scanning all my drive and has posted 159 infected items. I have asked my mrs to save txt file of the scan. Do I delete quarantine? Not sure what to do.
IMG-20141013-WA0002.jpg
I will post logs when I am at home 7pm uk time.
 
Here you go.

Results of screen317's Security Check version 0.99.88
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java 7 Update 67
Java 8 Update 20
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Comodo Firewall cmdagent.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 21-07-2014
Ran by Asim Hussain (administrator) on 12-10-2014 at 22:20:48
Running from "C:\Users\Asim Hussain\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

ESET Log

D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\org.greenlie.livesportstv.6.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\awraw5117.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\b2mddddddd-1.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\b2mddddddd.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\b2m_c_2769.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Black Market Alpha Pro.apk multiple threats
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Black Market Alpha-1.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\black market alpha.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Black Market Alpha_1.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha 0.49.93-2.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha 0.49.93_2.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha full Edition-1.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha full Edition.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha Pro-1.apk a variant of Android/Leadbolt.E potentially unwanted application
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha Pro.apk a variant of Android/Leadbolt.E potentially unwanted application
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha-51-1.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha-51-2.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha-51.apk a variant of Android/Plankton.I trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\cb44432.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\ctb7389-1.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\ctb7389-2.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\ctb7389.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\gb317gr.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\glm211sx-1.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\glm211sx.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\mub2342asdf.apk a variant of Android/TrojanSMS.Agent.KA trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Playporn_1390951089_888995-1.apk Android/TrojanSMS.Agent.ABK trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Playporn_1390951089_888995.apk Android/TrojanSMS.Agent.ABK trojan
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Scan-For-Viruses-Now-1.apk a variant of Android/AndroidArmour.D potentially unwanted application
D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Scan-For-Viruses-Now.apk a variant of Android/AndroidArmour.D potentially unwanted application
D:\PC Storage\Solid State Drive Files\Others\My Backup\KingsoftOffice\file\download\attachment.txt Win32/DownWare.V potentially unwanted application
D:\PC Storage\Solid State Drive Files\Programs Files\Pro Evolution Soccer 2013\rld_100.dll Win32/HackTool.Crack.BB potentially unsafe application
E:\Users\Asim\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Users\Asim\Downloads\KMSpico Install\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
E:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application
F:\C Drive\Docs\Battlefield 3\Battlefield_3_[Update_10].rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
F:\C Drive\Docs\Battlefield 3\Trainer Battlefield 3 [Update 10].exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\rld.dll Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES 2013 Game Directory\Pro Evolution Soccer 2013\rld.dll Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES 2013 Game Directory\Pro Evolution Soccer 2013\rld_100.dll Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES2013 Worldcup 2014 Patch\AIO V2\V2.AIO.WC14. for pes13\Installer.exe Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES2013 Worldcup 2014 Patch\PESModders\PESModders Mundial Brasil 2014.exe Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PESEDIT Patch 6\Installer.exe Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2014 Tools\PES 2014 Option Files\PC\PESEdit.com 2014 Patch 0.2\Installer.exe Win32/HackTool.Crack.BB potentially unsafe application
F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2014 Tools\PTE Patch\[PES14] PTE PATCH 1.1\setup.exe Win32/HackTool.Crack.BB potentially unsafe application
F:\Video Editing\Editing Tutorials\Sony Vegas\Sony Vegas 11 Presets\Zlargo114's Plugin Pack!\Zlargo114's Plugin Pack!.rar a variant of Win32/HackTool.Patcher.T potentially unsafe application
G:\PC Programs\Programs\cbsidlm-tr1_13-Simple_HTML_To_Text_Converter-ORG-10587330.exe Win32/DownloadAdmin.G potentially unwanted application
G:\PC Programs\Programs\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
G:\PC Programs\Programs\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
G:\PC Programs\Programs\ccsetup325.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
G:\PC Programs\Programs\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
G:\PC Programs\Programs\cpu-z_1.61-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
G:\PC Programs\Programs\FerrariFiller_1_3_3_7FSE.exe a variant of Win32/Packed.Themida potentially unwanted application
G:\PC Programs\Programs\FFSetup280(1).exe a variant of Win32/ELEX.AG potentially unwanted application
G:\PC Programs\Programs\FFSetupMultilingual3-1-1.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
G:\PC Programs\Programs\FreeAVIMP4WMVMPEGVideoJoiner.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
G:\PC Programs\Programs\Mipony-Installer.exe a variant of Win32/InstallCore.BY potentially unwanted application
G:\PC Programs\Programs\MP4Joiner-1.0-win32(1).exe Win32/DownWare.W potentially unwanted application
G:\PC Programs\Programs\MP4Joiner-1.0-win32.exe Win32/DownWare.W potentially unwanted application
G:\PC Programs\Programs\Pes2014.All.Version.tr28-3DMGAME.exe a variant of Win32/FlyStudio potentially unwanted application
G:\PC Programs\Programs\rcsetup146.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
G:\PC Programs\Programs\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\PC Programs\Programs\SFInstaller_SFFZ_filezilla_8992693_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
G:\PC Programs\Programs Folder\Adobe CS6 Master Collection\CS6 Master Collection\KEYGEN-XFORCE [WIN OSX]\Crack-OSX\xf-amcs6.dmg OSX/Keygen.AA potentially unsafe application
G:\PC Programs\Programs Folder\Adobe CS6 Master Collection\CS6 Master Collection\KEYGEN-XFORCE [WIN OSX]\Crack-Windows\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
G:\PC Programs\Programs Folder\Adobe Dreamweaver CC 2014 14 Build 6733 [ChingLiu]\Crack\xf-adobecc.exe a variant of Win32/Keygen.HA potentially unsafe application
G:\PC Programs\Programs Folder\Adobe.Creative.Suite.5.5.Master.Collection.EN.ESD-WZT\ADOBE.CS5.5.MC_KEYGEN_WIN_OSX-XFORCE\WIN\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
G:\PC Programs\Programs Folder\Advanced SystemCare Pro 7.3.0.457 [ChingLiu]\Advanced-SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
G:\PC Programs\Programs Folder\Dreambox Files\DreamBox Files\DM800S\Rar Files\DreamBox-OptiFlasher-Ev1.0.4.rar a variant of Win32/Packed.Themida potentially unwanted application
G:\PC Programs\Programs Folder\Dreambox Files\DreamBox Files\DM800SE HD\FerrariFiller_1_3_3_7FSE.rar a variant of Win32/Packed.Themida potentially unwanted application
G:\PC Programs\Programs Folder\Dreambox Files\DreamBox Files\DM800SE HD\FFSetup3.0.1.zip a variant of Win32/Hao123.A potentially unwanted application
G:\PC Programs\Programs Folder\Hiren's BootCD 15.2 Rebuild All in One Bootable CD\12.Hiren.s.Boot.CD.15.2.iso a variant of Win32/Toolbar.Conduit.H potentially unwanted application
G:\PC Programs\Programs Folder\MAGIX Audio Cleaning Lab 2013 19.0.0.10 English [ChingLiu]\Audio_Cleaning_Lab_2013_DLV_en-II_121001_10-52_19_0_0_10.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\PC Programs\Programs Folder\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR].rar a variant of Win32/Keygen.DS potentially unsafe application
G:\PC Programs\Programs Folder\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.12 + Key + Keygen - {Cyclonoid}\Nitro PDF Professional Enterprise 8 (64-bit-x64) v8.1.1.12 + Keygen - {Cyclonoid}.rar a variant of Win32/Keygen.AN potentially unsafe application
G:\PC Programs\Programs Folder\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.12 + Key + Keygen - {Cyclonoid}\Nitro PDF Professional Enterprise 8 (64-bit-x64) v8.1.1.12 + Keygen - {Cyclonoid}\keygen_np8.exe a variant of Win32/Keygen.AN potentially unsafe application
G:\PC Programs\Programs Folder\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
G:\PC Programs\Zip Files\FFSetup3.0.1.zip a variant of Win32/Hao123.A potentially unwanted application
C:\Users\Asim Hussain\Downloads\Alien Isolation V1.00 Trainer +4 MrAntiFun B.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
D:\PC Storage\Downloads Folder\batmanarkhamoriginstrainer_+2.rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
D:\PC Storage\Downloads Folder\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\PC Storage\Downloads Folder\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\PC Storage\Downloads Folder\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\PC Storage\Downloads Folder\CrystalDiskInfo6_0_4ShizukuUltimate-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\PC Storage\Downloads Folder\dfsetup216.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.allsports.live.390.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.celebrities.wwefannation.2.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.DSquareAndroid.hindimovies.5.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.kii.im.hd.4.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.kt.boxoffice.hd.7.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.nk.bwdmvs.26.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.robotsandpencils.minecraftWEent.2147483641.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\flash_player.flash.player.free.574.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\in.droidstore.freehindimovies.29.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\live.wtchtv.pro.4.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\net.tv.watch.free.300000000.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\online.livetv2g3g.6.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\org.greenlie.livesportstv.6.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\awraw5117.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\b2mddddddd-1.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\b2mddddddd.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\b2m_c_2769.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Black Market Alpha Pro.apk multiple threats deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Black Market Alpha-1.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\black market alpha.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Black Market Alpha_1.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha 0.49.93-2.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha 0.49.93_2.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha full Edition-1.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha full Edition.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha Pro-1.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha Pro.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha-51-1.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha-51-2.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha-51.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\cb44432.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\ctb7389-1.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\ctb7389-2.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\ctb7389.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\gb317gr.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\glm211sx-1.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\glm211sx.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\mub2342asdf.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Playporn_1390951089_888995-1.apk Android/TrojanSMS.Agent.ABK trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Playporn_1390951089_888995.apk Android/TrojanSMS.Agent.ABK trojan deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Scan-For-Viruses-Now-1.apk a variant of Android/AndroidArmour.D potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Scan-For-Viruses-Now.apk a variant of Android/AndroidArmour.D potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\KingsoftOffice\file\download\attachment.txt Win32/DownWare.V potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\TitaniumBackup\com.fggpx189.chlsf326-36d9624ebfac0af37312291d986e5c36.apk.gz a variant of Android/AdDisplay.RevMob.A potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\TitaniumBackup\org.blackmart.market-b733a2fbea55a224702f6bbcc04cfec9.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\Android\data\org.blackmart.market\cache\blackmart\updates\blackmart.apk a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\apks\4_3\Lost Levels.apk a variant of Android/AdDisplay.Kuguo.F potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\TitaniumBackup\com.onetech.barbie.hair.salon-5a7e2b4b83c58bfcce846b6d2fed7293.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\TitaniumBackup\org.blackmart.market-20131226-145254.tar.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\TitaniumBackup\org.blackmart.market-b733a2fbea55a224702f6bbcc04cfec9.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\JXD S7800B\Moeeze\Internal Backup\apks\4_3\Lost Levels.apk a variant of Android/AdDisplay.Kuguo.F potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\Backups\CWM\clockworkmod\backup\2013-05-06.17.58.23\data.ext4.tar a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\Backups\CWM\clockworkmod\backup\2013-05-14.13.21.16_Omega_v43.3_-_XXEMC3\data.ext4.tar.a a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\TitaniumBackup\com.gameloft.android.ANMP.GloftAMHM-520c7bf2f09de91575eabd37bae74243.apk.gz a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\TitaniumBackup\org.blackmart.market-b733a2fbea55a224702f6bbcc04cfec9.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIV\Backup\2014-06-05.20.08.24_Omega_v30_-_XXUGNE5\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIV\Backup\2014-06-11.09.22.54_Omega_v30_-_XXUGNE5\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\Mobile Phones\Samsung Galaxy SIV\Backup\2014-06-20.19.45.59_Omega_v31_-_VJUGNE2\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
D:\PC Storage\PC Games\Ashes Cricket 2013\rld-ascr13.iso a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
D:\PC Storage\PC Games\Batman Arkham Origins\rld-baaror.iso a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
D:\PC Storage\PC Games\Dirt 3\sr-dirt3.iso Win32/HackTool.Crack.O potentially unsafe application deleted - quarantined
D:\PC Storage\PC Games\F1 2013\rld-f12013.iso a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Documents Folders\Battlefield 3\Battlefield_3_[Update_10].rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Documents Folders\Battlefield 3\Trainer Battlefield 3 [Update 10].exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Downloads Folder\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Downloads Folder\FreeVideoToJPGConverter.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.allsports.live.390.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.celebrities.wwefannation.2.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.DSquareAndroid.hindimovies.5.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.kii.im.hd.4.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.kt.boxoffice.hd.7.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.nk.bwdmvs.26.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.robotsandpencils.minecraftWEent.2147483641.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\flash_player.flash.player.free.574.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\in.droidstore.freehindimovies.29.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\live.wtchtv.pro.4.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\net.tv.watch.free.300000000.apk a variant of Android/Plankton.I trojan deleted - quarantined
D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\online.livetv2g3g.6.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
I would like to Thank you for help. I will donate once I am home from work. PC is running fine but I need to scan my other drives with avg and malwarebytes to make sure all infection fount by ESET online scanner are wiped. Other than that everything stable. This can be marked as resolved. Thanks once again Baroni.
 
Back