TechSpot

PC infected

By ronaldo9_r9
Oct 9, 2014
  1. My PC seems infected by some virus. Malwarebytes stopped opening on startup so I uninstalled it. when I install malwarebytes it gave me runtime error and it wont let me install even with MB clean tool.

    I managed to make it work by using windows 8 files to windows 7 malwarebytes folder. I have scanned the pc with malwarebytes and superantimalware which showed few infected item

    I also had Advanced System care I could no longer open that it said (Access denied).

    I am using Windows 7 ultimate edition.

    Advanced system care stopped working and comodo started giving me security agent could not be started errors.

    I have managed to fix advanced systemcare by taking full owenership of the program folder even though I am admin.

    my worry is my pc still might be infected.

    any help would be appreciated.
     
    Last edited: Oct 9, 2014
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.


    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Uninstall Advanced System Care.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

     
  3. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Thanks for doing this Borni. Below are my results.

    Here are Malwarebytes results.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 09/10/2014
    Scan Time: 20:08:10
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.09.09
    Rootkit Database: v2014.10.08.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Asim Hussain

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 311337
    Time Elapsed: 6 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    DDS Log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 11.20.2
    Run by Asim Hussain at 11:39:42 on 2014-10-10
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16300.13344 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\DAODx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{E0B00E84-0BAB-4350-8916-E0B0841B1B5D} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    SSODL: WebCheck - <orphaned>
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 0.0.0.0 fr.a2dfp.net
    Hosts: 0.0.0.0 m.fr.a2dfp.net
    Hosts: 0.0.0.0 mfr.a2dfp.net
    Hosts: 0.0.0.0 ad.a8.net
    Hosts: 0.0.0.0 asy.a8ww.net
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-28 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-28 224896]
    R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2014-10-9 296736]
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-10-9 126752]
    R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-10-9 1328928]
    R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-10-9 248096]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-28 1041168]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-28 427360]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 48360]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-28 283064]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-10-9 3992568]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
    R2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-28 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-28 79184]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-9 50344]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-8 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-8 860472]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-8-20 6847712]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
    R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
    R3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-8 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-8 122584]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-7-3 121416]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-20 901848]
    S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-28 92008]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-1 51872]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-7-6 17480]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-7-6 9800]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-8 63704]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-14 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-6-14 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-14 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-14 29696]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 wampapache64;wampapache64;C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [2014-6-28 24576]
    S3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 --> c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-14 1255736]
    S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe --> C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [?]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-10-10 10:37:15 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{302F20D5-BFDD-4A53-A22D-E3316E88D6D3}\offreg.dll
    2014-10-09 20:13:23 296736 ----a-w- C:\Windows\System32\drivers\file_tracker.sys
    2014-10-09 20:13:17 248096 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
    2014-10-09 20:13:16 1328928 ----a-w- C:\Windows\System32\drivers\tib.sys
    2014-10-09 20:13:14 319776 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2014-10-09 20:13:14 126752 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
    2014-10-08 21:37:17 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-08 21:32:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-10-08 21:32:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-10-08 21:32:26 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-10-08 21:32:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-08 18:32:23 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{302F20D5-BFDD-4A53-A22D-E3316E88D6D3}\mpengine.dll
    2014-10-07 23:29:17 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\Stardock
    2014-10-06 21:10:06 -------- d-----w- C:\Users\Asim Hussain\AppData\Roaming\Steam
    2014-10-04 20:36:13 -------- d-----w- C:\Users\Asim Hussain\VIDEO_TS
    2014-10-04 20:36:13 -------- d-----w- C:\Users\Asim Hussain\AUDIO_TS
    2014-10-04 20:34:55 -------- d-----w- C:\Program Files (x86)\WinAVI Video Converter
    2014-10-04 19:56:03 -------- d-----w- C:\Users\Asim Hussain\AppData\Roaming\AMD
    2014-10-04 19:24:52 -------- d-----w- C:\Program Files (x86)\FreeTime
    2014-10-04 18:45:13 -------- d-----w- C:\Program Files (x86)\MagicISO
    2014-10-04 18:43:25 -------- d-----w- C:\Program Files (x86)\MKVtoolnix
    2014-10-04 18:39:53 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\www.doom9.net
    2014-10-04 18:38:51 -------- d-----w- C:\Program Files (x86)\megui
    2014-10-04 18:19:15 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2014-10-04 18:18:30 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
    2014-10-04 17:39:32 -------- d-----w- C:\Users\Asim Hussain\AppData\Roaming\WinAVI
    2014-10-04 17:39:32 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\WinAVI
    2014-10-04 17:39:22 -------- d-----w- C:\Program Files (x86)\WinAVI
    2014-10-04 09:41:02 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-10-01 18:48:18 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-10-01 18:48:18 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 20:50:25 -------- d-----w- C:\Program Files (x86)\SDA
    2014-09-24 21:18:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-09-24 21:18:13 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-20 19:02:42 -------- d-----w- C:\Users\Asim Hussain\AppData\Local\Ahead
    2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2014-09-15 22:31:48 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2014-09-15 22:31:46 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
    2014-09-15 22:31:44 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2014-09-15 22:31:40 1113576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2014-09-15 22:31:30 9254184 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2014-09-15 22:31:22 7207592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2014-09-15 22:31:16 7028336 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2014-09-15 22:31:06 8044976 ----a-w- C:\Windows\System32\atiumd6a.dll
    2014-09-15 22:31:02 8296296 ----a-w- C:\Windows\System32\atiumd64.dll
    2014-09-15 22:29:04 293088 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
    2014-09-15 22:26:58 16750080 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2014-09-15 22:18:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
    2014-09-15 22:18:00 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2014-09-15 22:17:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2014-09-15 22:17:56 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2014-09-15 22:17:56 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2014-09-15 22:17:54 33867264 ----a-w- C:\Windows\System32\amdocl64.dll
    2014-09-15 22:17:04 28770304 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2014-09-15 22:16:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-09-15 22:16:18 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-09-15 22:13:24 27918336 ----a-w- C:\Windows\System32\atio6axx.dll
    2014-09-15 22:09:38 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
    2014-09-15 22:09:36 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
    2014-09-15 22:09:10 127488 ----a-w- C:\Windows\System32\mantle64.dll
    2014-09-15 22:09:04 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
    2014-09-15 22:09:00 5639168 ----a-w- C:\Windows\System32\amdmantle64.dll
    2014-09-15 22:08:08 23375360 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2014-09-15 22:07:48 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
    2014-09-15 22:07:46 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2014-09-15 22:07:44 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2014-09-15 22:07:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2014-09-15 22:07:42 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2014-09-15 22:07:36 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2014-09-15 22:06:46 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2014-09-15 22:05:52 4480000 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
    2014-09-15 22:03:28 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2014-09-15 22:03:26 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2014-09-15 22:03:24 619008 ----a-w- C:\Windows\System32\atieclxx.exe
    2014-09-15 22:03:18 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2014-09-15 22:03:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
    2014-09-15 22:03:08 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
    2014-09-15 22:03:04 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2014-09-15 21:59:40 827392 ----a-w- C:\Windows\System32\coinst_14.30.dll
    2014-09-15 21:59:20 1210880 ----a-w- C:\Windows\System32\atiadlxx.dll
    2014-09-15 21:59:16 900608 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2014-09-15 21:59:14 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
    2014-09-15 21:59:12 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2014-09-15 21:59:12 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
    2014-09-15 21:59:12 146944 ----a-w- C:\Windows\System32\atig6txx.dll
    2014-09-15 21:59:08 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2014-09-15 21:59:06 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2014-09-15 21:58:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2014-09-15 17:21:34 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2014-09-15 17:19:58 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2014-09-12 21:18:33 3231696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
    2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2014-09-12 09:43:10 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2014-09-10 19:54:24 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-09-10 19:54:24 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-09-10 19:52:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-09-10 19:52:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-09-10 19:51:55 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-09-10 19:51:55 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-09-10 19:51:55 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-09-10 19:51:54 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-09-10 19:51:54 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-09-10 19:51:38 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-09-10 19:51:38 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-09-10 19:50:32 578048 ----a-w- C:\Windows\System32\aepdu.dll
    2014-09-10 19:50:31 424448 ----a-w- C:\Windows\System32\aeinv.dll
    .
    ==================== Find3M ====================
    .
    2014-09-15 22:31:50 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
    2014-09-15 22:31:42 1335544 ----a-w- C:\Windows\System32\aticfx64.dll
    2014-09-15 22:31:34 10826488 ----a-w- C:\Windows\System32\atidxx64.dll
    2014-09-15 08:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-12 18:52:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-12 18:52:18 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-08-24 12:37:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-07-19 23:10:45 901848 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2014-07-19 23:10:45 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2014-07-19 23:10:45 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2014-07-14 21:06:53 20521984 ----a-w- C:\Windows\System32\imageres.dll
    2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    .
    ============= FINISH: 11:40:23.55 ===============
     
    Last edited: Oct 10, 2014
  4. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Attach.txt resuts
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/06/2014 20:05:05
    System Uptime: 10/10/2014 11:14:44 (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | M5A97 LE R2.0
    Processor: AMD FX(tm)-4100 Quad-Core Processor | Socket 942 | 4014/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 238 GiB total, 105.229 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 163.468 GiB free.
    E: is FIXED (NTFS) - 81 GiB total, 38.342 GiB free.
    F: is FIXED (NTFS) - 508 GiB total, 187.759 GiB free.
    G: is FIXED (NTFS) - 342 GiB total, 123.711 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP72: 07/10/2014 18:37:19 - Windows Update
    RP73: 07/10/2014 20:43:35 - avast! antivirus system restore point
    RP74: 07/10/2014 20:44:22 - Restore Operation
    RP75: 07/10/2014 20:53:01 - Windows Update
    RP76: 07/10/2014 20:59:41 - Restore Operation
    RP77: 07/10/2014 21:04:03 - avast! antivirus system restore point
    RP78: 07/10/2014 22:17:22 - Restore Operation
    RP79: 07/10/2014 22:22:14 - avast! antivirus system restore point
    RP80: 07/10/2014 22:22:46 - Restore Operation
    RP81: 07/10/2014 22:34:54 - avast! antivirus system restore point
    RP82: 08/10/2014 01:11:21 - Windows Update
    RP83: 08/10/2014 18:11:01 - Restore Operation
    RP84: 08/10/2014 19:32:06 - Windows Update
    RP85: 09/10/2014 20:18:08 - Windows Restore 09102014
    RP86: 09/10/2014 20:44:06 - Installed Windows Resource Kit Tools - SubInAcl.exe
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.22 (x64 edition)
    Acronis True Image 2015
    Adobe After Effects CC
    Adobe Dreamweaver CC 2014
    Adobe Flash Player 15 Plugin
    Adobe Photoshop CC 2014
    Adobe Reader XI (11.0.09)
    Alien Isolation
    AMD Accelerated Video Transcoding
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Wireless Display v3.0
    Apple Application Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS Bluetooth Suite
    µTorrent
    avast! Free Antivirus
    AviSynth 2.5
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    COMODO Firewall
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
    DreamStream E2
    Dropbox
    DVD Decrypter (Remove Only)
    EaseUS Partition Master 10.0
    FormatFactory 3.1.1
    Google Chrome
    Google Update Helper
    IconPackager
    Java 7 Update 67
    Java 8 Update 20
    Java Auto Updater
    K-Lite Mega Codec Pack 10.5.5
    Magic ISO Maker v5.5 (build 0265)
    Malwarebytes Anti-Malware version 2.0.2.1012
    MeGUI modern media encoder (remove only)
    Microsoft .NET Framework 4.5.1
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft InfoPath MUI (English) 2013
    Microsoft Lync MUI (English) 2013
    Microsoft Office 32-bit Components 2013
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 32-bit MUI (English) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Word MUI (English) 2013
    mIRC
    MKVtoolnix 2.8.0
    MotioninJoy Gamepad tool 0.7.1001
    Mozilla Firefox 32.0.3 (x86 en-GB)
    Mozilla Maintenance Service
    Mp3tag v2.60
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    Notepad++
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    Pro Evolution Soccer 2013
    Pro Evolution Soccer 6
    QuickPar 0.9
    QuickTime 7
    Raptr
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RocketDock 1.3.5
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    SDFormatter
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
    Skype™ 6.20
    System Requirements Lab CYRI
    TAP-Windows 9.9.2
    TechPowerUp GPU-Z
    TViXiE
    Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition
    Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition
    Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition
    Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
    Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition
    UseNeXT by Tangysoft
    VCRedistSetup
    Vegas Pro 13.0 (64-bit)
    VLC media player
    WampServer 2.5
    Winamp
    WinAVI Video Converter
    Windows Resource Kit Tools - SubInAcl.exe
    WinRAR archiver
    Xilisoft Video Converter Ultimate
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/10/2014 21:14:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Acronis Nonstop Backup Service service, but this action failed with the following error: An instance of the service is already running.
    09/10/2014 21:13:53, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    08/10/2014 22:58:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service 7 service to connect.
    08/10/2014 22:58:57, Error: Service Control Manager [7000] - The Advanced SystemCare Service 7 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
    ronaldo9_r9 likes this.
  6. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Thanks Borini. Here are logs

    RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Asim Hussain [Administrator]
    Mode : Delete -- Date : 10/11/2014 12:43:01

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 14 ¤¤¤
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3286673083-1926705729-2674503367-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_F687\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 1js4aggt.default : user_pref("browser.startup.homepage", "www.google.co.uk"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD20EZRX-00D8PB0 ATA Device +++++
    --- User ---
    [MBR] 9e175bf1d6ef27da50250bf7ca0764cc
    [BSP] c0d4d92c88998e83133ad6fa6165f8fd : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SAMSUNG SSD PM800 2.5" 256GB ATA Device +++++
    --- User ---
    [MBR] dfe1ceec9854315827a3540162b50482
    [BSP] c8b83d8f20dbb29025d134fb0b7ba099 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 208848 | Size: 244089 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: MD10000-NSDW-RO ATA Device +++++
    --- User ---
    [MBR] ae105479c7b1455e0935f8d0d7b5a121
    [BSP] 6066bd784c75cd8956778c56aea355e3 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 83315 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 170631168 | Size: 520521 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1236658176 | Size: 350032 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_10112014_123823.log - RKreport_DEL_10112014_123826.log - RKreport_DEL_10112014_123828.log - RKreport_DEL_10112014_123829.log
    RKreport_DEL_10112014_123831.log - RKreport_DEL_10112014_123855.log - RKreport_DEL_10112014_123900.log - RKreport_DEL_10112014_123903.log
    RKreport_DEL_10112014_123908.log - RKreport_DEL_10112014_123911.log - RKreport_DEL_10112014_123914.log - RKreport_DEL_10112014_123922.log
    RKreport_SCN_10112014_123812.log - RKreport_SCN_10112014_124255.log

    MBAR-Log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.11.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17280
    Asim Hussain :: ASIMHUSSAIN-PC [administrator]

    11/10/2014 12:47:45
    mbar-log-2014-10-11 (12-47-45).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 315098
    Time elapsed: 5 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    MBAR System Log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 4.013000 GHz
    Memory total: 17092059136, free: 13443358720

    Downloaded database version: v2014.10.11.04
    Downloaded database version: v2014.10.08.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: DFA2BF3

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 3907024002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Drive 1
    This is a System drive
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9A12DD7A

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 208848 Numsec = 499894602

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 256060514304 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 1 (1-2047-500098192-500118192)...
    Done!
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9E438C40

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 170629120

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 170631168 Numsec = 1066027008

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1236658176 Numsec = 716865536

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removal finished
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  8. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Here are the logs:

    Combofix

    ComboFix 14-10-04.01 - Asim Hussain 11/10/2014 18:21:19.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.16300.13932 [GMT 1:00]
    Running from: c:\users\Asim Hussain\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\tooldownloadreadme.htm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-11 to 2014-10-11 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-11 17:31 . 2014-10-11 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-11 12:13 . 2014-10-11 12:13 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FA8E995-A473-4C1C-8CAE-06E0506FBC37}\offreg.dll
    2014-10-11 11:47 . 2014-10-11 11:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-10-11 11:34 . 2014-10-11 11:40 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-11 11:34 . 2014-10-11 11:34 -------- d-----w- c:\programdata\RogueKiller
    2014-10-10 16:08 . 2014-09-15 01:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FA8E995-A473-4C1C-8CAE-06E0506FBC37}\mpengine.dll
    2014-10-09 20:13 . 2014-10-09 20:13 296736 ----a-w- c:\windows\system32\drivers\file_tracker.sys
    2014-10-09 20:13 . 2014-10-09 20:13 248096 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
    2014-10-09 20:13 . 2014-10-09 20:13 1328928 ----a-w- c:\windows\system32\drivers\tib.sys
    2014-10-09 20:13 . 2014-10-09 20:13 319776 ----a-w- c:\windows\system32\drivers\snapman.sys
    2014-10-09 20:13 . 2014-10-09 20:13 126752 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2014-10-09 20:12 . 2014-10-09 20:13 -------- d-----w- c:\program files (x86)\Common Files\Acronis
    2014-10-09 20:12 . 2014-10-09 20:12 -------- d-----w- c:\program files (x86)\Acronis
    2014-10-08 21:37 . 2014-10-11 16:41 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-08 21:32 . 2014-10-11 11:47 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-08 21:32 . 2014-05-12 06:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-08 21:32 . 2014-10-08 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-08 21:32 . 2014-05-12 06:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-07 23:29 . 2014-10-07 23:29 -------- d-----w- c:\users\Asim Hussain\AppData\Local\Stardock
    2014-10-06 21:10 . 2014-10-08 17:12 -------- d-----w- c:\users\Asim Hussain\AppData\Roaming\Steam
    2014-10-04 20:34 . 2014-10-08 17:13 -------- d-----w- c:\program files (x86)\WinAVI Video Converter
    2014-10-04 19:56 . 2014-10-04 19:56 -------- d-----w- c:\users\Asim Hussain\AppData\Roaming\AMD
    2014-10-04 19:24 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\FreeTime
    2014-10-04 18:45 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\MagicISO
    2014-10-04 18:43 . 2014-10-08 17:13 -------- d-----w- c:\program files (x86)\MKVtoolnix
    2014-10-04 18:39 . 2014-10-08 17:13 -------- d-----w- c:\users\Asim Hussain\AppData\Local\www.doom9.net
    2014-10-04 18:38 . 2014-10-08 17:13 -------- d-----w- c:\program files (x86)\megui
    2014-10-04 18:19 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2014-10-04 18:18 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\DVD Decrypter
    2014-10-04 17:39 . 2014-10-08 17:13 -------- d-----w- c:\users\Asim Hussain\AppData\Roaming\WinAVI
    2014-10-04 17:39 . 2014-10-07 20:01 -------- d-----w- c:\users\Asim Hussain\AppData\Local\WinAVI
    2014-10-04 17:39 . 2014-10-07 21:18 -------- d-----w- c:\program files (x86)\WinAVI
    2014-10-04 09:41 . 2014-10-04 09:41 -------- d-----w- c:\programdata\ATI
    2014-10-04 09:41 . 2014-10-08 17:12 -------- d-----w- c:\program files (x86)\AMD AVT
    2014-10-01 18:48 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-10-01 18:48 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-09-25 20:50 . 2014-09-25 20:50 -------- d-----w- c:\program files (x86)\SDA
    2014-09-24 21:18 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-24 21:18 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-09-20 19:02 . 2014-09-20 19:02 -------- d-----w- c:\users\Asim Hussain\AppData\Local\Ahead
    2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
    2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
    2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2014-09-15 22:31 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2014-09-15 22:31 . 2014-09-15 22:31 118096 ----a-w- c:\windows\system32\atiu9p64.dll
    2014-09-15 22:31 . 2014-09-15 22:31 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2014-09-15 22:31 . 2014-09-15 22:31 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2014-09-15 22:31 . 2014-09-15 22:31 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2014-09-15 22:31 . 2014-09-15 22:31 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2014-09-15 22:31 . 2014-09-15 22:31 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2014-09-15 22:31 . 2014-09-15 22:31 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
    2014-09-15 22:31 . 2014-09-15 22:31 8296296 ----a-w- c:\windows\system32\atiumd64.dll
    2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
    2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
    2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
    2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
    2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
    2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
    2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
    2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
    2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
    2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
    2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
    2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
    2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
    2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
    2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
    2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
    2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
    2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
    2014-09-15 22:03 . 2014-09-15 22:03 442368 ----a-w- c:\windows\system32\atidemgy.dll
    2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
    2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
    2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
    2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
    2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
    2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
    2014-09-15 21:59 . 2014-09-15 21:59 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2014-09-15 17:21 . 2014-09-15 17:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
    2014-09-15 17:19 . 2014-09-15 17:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
    2014-09-12 21:18 . 2014-09-12 21:18 3231696 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
    2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-15 22:31 . 2014-04-18 02:43 144328 ----a-w- c:\windows\system32\atiuxp64.dll
    2014-09-15 22:31 . 2014-04-18 02:42 1335544 ----a-w- c:\windows\system32\aticfx64.dll
    2014-09-15 22:31 . 2014-04-18 02:42 10826488 ----a-w- c:\windows\system32\atidxx64.dll
    2014-09-15 08:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-12 18:52 . 2014-06-28 20:22 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-12 18:52 . 2014-06-28 20:22 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-10 19:55 . 2014-06-28 19:04 101694776 ----a-w- c:\windows\system32\MRT.exe
    2014-09-05 02:10 . 2014-09-10 19:50 578048 ----a-w- c:\windows\system32\aepdu.dll
    2014-09-05 02:05 . 2014-09-10 19:50 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-24 12:37 . 2014-08-05 17:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-23 02:07 . 2014-08-28 20:02 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-28 20:02 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-23 00:59 . 2014-08-28 20:02 3163648 ----a-w- c:\windows\system32\win32k.sys
    2014-08-19 18:05 . 2014-09-10 20:06 374968 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-08-18 23:01 . 2014-09-10 20:06 23591424 ----a-w- c:\windows\system32\mshtml.dll
    2014-08-18 22:29 . 2014-09-10 20:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-08-18 22:29 . 2014-09-10 20:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-08-18 22:20 . 2014-09-10 20:06 2793984 ----a-w- c:\windows\system32\iertutil.dll
    2014-08-18 22:19 . 2014-09-10 20:06 5833728 ----a-w- c:\windows\system32\jscript9.dll
    2014-08-18 22:15 . 2014-09-10 20:06 547328 ----a-w- c:\windows\system32\vbscript.dll
    2014-08-18 22:15 . 2014-09-10 20:06 66048 ----a-w- c:\windows\system32\iesetup.dll
    2014-08-18 22:14 . 2014-09-10 20:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-08-18 22:14 . 2014-09-10 20:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-08-18 22:08 . 2014-09-10 20:06 51200 ----a-w- c:\windows\system32\jsproxy.dll
    2014-08-18 22:08 . 2014-09-10 20:06 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-08-18 22:08 . 2014-09-10 20:07 33792 ----a-w- c:\windows\system32\iernonce.dll
    2014-08-18 22:05 . 2014-09-10 20:07 596480 ----a-w- c:\windows\system32\ieui.dll
    2014-08-18 22:03 . 2014-09-10 20:06 139264 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-08-18 22:03 . 2014-09-10 20:06 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-08-18 22:03 . 2014-09-10 20:07 758272 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-08-18 21:57 . 2014-09-10 20:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-08-18 21:56 . 2014-09-10 20:06 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-08-18 21:51 . 2014-09-10 20:06 446464 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-08-18 21:46 . 2014-09-10 20:06 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-08-18 21:45 . 2014-09-10 20:06 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-08-18 21:45 . 2014-09-10 20:07 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44 . 2014-09-10 20:06 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44 . 2014-09-10 20:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:40 . 2014-09-10 20:06 195584 ----a-w- c:\windows\system32\msrating.dll
    2014-08-18 21:39 . 2014-09-10 20:06 85504 ----a-w- c:\windows\system32\mshtmled.dll
    2014-08-18 21:38 . 2014-09-10 20:06 289280 ----a-w- c:\windows\system32\dxtrans.dll
    2014-08-18 21:36 . 2014-09-10 20:06 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35 . 2014-09-10 20:06 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-08-18 21:25 . 2014-09-10 20:06 727040 ----a-w- c:\windows\system32\msfeeds.dll
    2014-08-18 21:25 . 2014-09-10 20:06 707072 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-08-18 21:23 . 2014-09-10 20:06 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-08-18 21:23 . 2014-09-10 20:06 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-08-18 21:22 . 2014-09-10 20:06 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:16 . 2014-09-10 20:06 13588480 ----a-w- c:\windows\system32\ieframe.dll
    2014-08-18 21:15 . 2014-09-10 20:06 2310656 ----a-w- c:\windows\system32\wininet.dll
    2014-08-18 21:08 . 2014-09-10 20:06 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07 . 2014-09-10 20:06 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:55 . 2014-09-10 20:06 1447424 ----a-w- c:\windows\system32\urlmon.dll
    2014-08-18 20:46 . 2014-09-10 20:06 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-08-18 20:38 . 2014-09-10 20:06 775168 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-08-01 11:53 . 2014-09-10 19:52 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-08-01 11:35 . 2014-09-10 19:52 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 22:47 . 2014-07-24 22:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-19 23:10 . 2014-07-19 23:10 901848 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2014-07-19 23:10 . 2014-07-19 23:10 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
    2014-07-19 23:10 . 2014-06-28 19:15 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 871856 ----a-w- c:\windows\system32\tossaeapo64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 2157704 ----a-w- c:\windows\system32\YamahaAE.dll
    2014-07-19 23:08 . 2014-07-19 23:08 2101848 ----a-w- c:\windows\system32\WavesGUILib64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 162224 ----a-w- c:\windows\system32\toseaeapo64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 582056 ----a-w- c:\windows\system32\tosasfapo64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 947760 ----a-w- c:\windows\system32\SFSS_APO.dll
    2014-07-19 23:08 . 2014-07-19 23:08 899320 ----a-w- c:\windows\system32\sl3apo64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 724728 ----a-w- c:\windows\system32\sltech64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 245496 ----a-w- c:\windows\system32\slprp64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 1045752 ----a-w- c:\windows\system32\slcnt64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 3872984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2014-07-19 23:08 . 2014-07-19 23:08 2825432 ----a-w- c:\windows\system32\RtPgEx64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2014-07-19 23:08 . 2014-07-19 23:08 624344 ----a-w- c:\windows\system32\RtDataProc64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 2792152 ----a-w- c:\windows\system32\RtkAPO64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 1024216 ----a-w- c:\windows\system32\RtkApi64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 56270848 ----a-w- c:\windows\system32\RCoRes64.dat
    2014-07-19 23:08 . 2014-07-19 23:08 946392 ----a-w- c:\windows\system32\RCoInstII64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 942384 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll
    2014-07-19 23:08 . 2014-07-19 23:08 906800 ----a-w- c:\windows\system32\MISS_APO.dll
    2014-07-19 23:08 . 2014-07-19 23:08 75024 ----a-w- c:\windows\system32\R4EEG64A.dll
    2014-07-19 23:08 . 2014-07-19 23:08 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll
    2014-07-19 23:08 . 2014-07-19 23:08 662784 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
    2014-07-19 23:08 . 2014-07-19 23:08 5752072 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll
    2014-07-19 23:08 . 2014-07-19 23:08 434960 ----a-w- c:\windows\system32\R4EED64A.dll
    2014-07-19 23:08 . 2014-07-19 23:08 141584 ----a-w- c:\windows\system32\R4EEL64A.dll
    2014-07-19 23:08 . 2014-07-19 23:08 124176 ----a-w- c:\windows\system32\R4EEA64A.dll
    2014-07-19 23:08 . 2014-07-19 23:08 12793944 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll
    2014-07-19 23:08 . 2014-07-19 23:08 938608 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll
    2014-07-19 23:08 . 2014-07-19 23:08 3923032 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 28310104 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 1313904 ----a-w- c:\windows\system32\MaxxSpeechAPO64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 14737496 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
    2014-07-19 23:08 . 2014-07-19 23:08 790272 ----a-w- c:\windows\SysWow64\MaxxAudioAPOShell.dll
    2014-07-19 23:08 . 2014-07-19 23:08 663296 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
    2014-07-19 23:08 . 2014-07-19 23:08 2319960 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll
    2014-07-19 23:08 . 2014-07-19 23:08 2037336 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2014-06-30 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2014-06-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-08-12 08:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-08-12 08:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-08-12 08:58 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 wampapache64;wampapache64;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
    R3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
    S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
    S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-09-25 20:02 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 21:56]
    .
    2014-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30 21:56]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 21:08 164760 ----a-w- c:\users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-07-09 19:30 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
    @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
    [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
    2014-09-09 12:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
    @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
    [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
    2014-09-09 12:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
    @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
    [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
    2014-09-09 12:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-19 7541976]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\
    FF - prefs.js: browser.startup.homepage - www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-07416159.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\CmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\CmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\CmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    Completion time: 2014-10-11 18:36:15
    ComboFix-quarantined-files.txt 2014-10-11 17:36
    .
    Pre-Run: 124,730,638,336 bytes free
    Post-Run: 124,236,443,648 bytes free
    .
    - - End Of File - - 3F2481CE86CBD4A8D90EBAF67B6DEE96
    5FB38429D5D77768867C76DCBDB35194

    Rkill 2.6.8 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 10/11/2014 06:42:36 PM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * Advanced Explorer Setting Removed: HideIcons [HKCU]

    Backup Registry file created at:
    C:\Users\Asim Hussain\Desktop\rkill\rkill-10-11-2014-06-42-37.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * C:\Windows\System32\user32.dll : 1,008,640 : 06/30/2014 09:43 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
    +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 06/30/2014 09:43 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 04:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
    +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 04:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 10/11/2014 06:42:55 PM
    Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  10. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Sorry about delay. Here are logs.

    # AdwCleaner v3.311 - Report created 11/10/2014 at 23:42:48
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Asim Hussain - ASIMHUSSAIN-PC
    # Running from : C:\Users\Asim Hussain\Desktop\adwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.3 (x86 en-GB)

    [ File : C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\1js4aggt.default\prefs.js ]


    [ File : C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\prefs.js ]


    -\\ Google Chrome v37.0.2062.124

    [ File : C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1923 octets] - [11/10/2014 20:35:39]
    AdwCleaner[R1].txt - [1216 octets] - [11/10/2014 23:41:31]
    AdwCleaner[S0].txt - [2004 octets] - [11/10/2014 20:37:00]
    AdwCleaner[S1].txt - [1137 octets] - [11/10/2014 23:42:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1197 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.2 (10.09.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Asim Hussain on 11/10/2014 at 23:45:17.16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/10/2014 at 0:07:41.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
    Ran by Asim Hussain (administrator) on ASIMHUSSAIN-PC on 12-10-2014 00:10:06
    Running from C:\Users\Asim Hussain\Desktop
    Loaded Profile: Asim Hussain (Available profiles: Asim Hussain)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    () C:\Program Files (x86)\RocketDock\RocketDock.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
    (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541976 2014-07-20] (Realtek Semiconductor)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-21-3286673083-1926705729-2674503367-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF00EC7980593CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: NASA Night Launch - C:\Users\Asim Hussain\AppData\Roaming\Mozilla\Firefox\Profiles\lq2s5scs.default-1412890638074\Extensions\nasanightlaunch@example.com.xpi [2014-10-09]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
    CHR Profile: C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-30]
    CHR Extension: (Google Drive) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-30]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
    CHR Extension: (MEGA) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-09-06]
    CHR Extension: (YouTube) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-30]
    CHR Extension: (Adblock Plus) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-30]
    CHR Extension: (Google Search) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-30]
    CHR Extension: (Lamborghini) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiefegoncbfdemobfpaldfapbfiinmeo [2014-06-30]
    CHR Extension: (avast! Online Security) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-01]
    CHR Extension: (Hangouts) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-10]
    CHR Extension: (Google Wallet) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
    CHR Extension: (Gmail) - C:\Users\Asim Hussain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-30]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-28] (Disc Soft Ltd)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
    S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
    S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
    R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2014-10-09] (Acronis International GmbH)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2014-10-09] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248096 2014-10-09] (Acronis International GmbH)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-11] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-12 00:10 - 2014-10-12 00:10 - 00016229 _____ () C:\Users\Asim Hussain\Desktop\FRST.txt
    2014-10-12 00:09 - 2014-10-12 00:10 - 00000000 ____D () C:\FRST
    2014-10-12 00:08 - 2014-10-12 00:08 - 00000628 _____ () C:\Users\Asim Hussain\Documents\JRT.txt
    2014-10-12 00:07 - 2014-10-12 00:07 - 00000628 _____ () C:\Users\Asim Hussain\Desktop\JRT.txt
    2014-10-11 23:44 - 2014-10-11 23:44 - 00001277 _____ () C:\Users\Asim Hussain\Documents\AdwCleaner[S1].txt
    2014-10-11 23:40 - 2014-10-11 23:40 - 00037945 _____ () C:\ComboFix.txt
    2014-10-11 23:17 - 2014-10-11 23:23 - 00000000 ____D () C:\Users\Asim Hussain\Desktop\mbar
    2014-10-11 23:10 - 2014-10-11 12:33 - 15677528 _____ () C:\Users\Asim Hussain\Desktop\RogueKiller.exe
    2014-10-11 23:09 - 2014-10-11 23:09 - 15677528 _____ () C:\Users\Asim Hussain\Downloads\RogueKiller(1).exe
    2014-10-11 20:45 - 2014-10-11 20:45 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-11 20:35 - 2014-10-11 23:42 - 00000000 ____D () C:\AdwCleaner
    2014-10-11 20:34 - 2014-10-11 20:34 - 02109952 _____ (Farbar) C:\Users\Asim Hussain\Desktop\FRST64.exe
    2014-10-11 20:34 - 2014-10-11 20:34 - 01705755 _____ (Thisisu) C:\Users\Asim Hussain\Desktop\JRT.exe
    2014-10-11 20:33 - 2014-10-11 20:33 - 01375089 _____ () C:\Users\Asim Hussain\Desktop\adwcleaner_3.311.exe
    2014-10-11 18:49 - 2014-10-11 23:43 - 00001638 _____ () C:\Windows\PFRO.log
    2014-10-11 18:49 - 2014-10-11 23:43 - 00000224 _____ () C:\Windows\setupact.log
    2014-10-11 18:49 - 2014-10-11 18:49 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-11 18:42 - 2014-10-11 18:42 - 00003868 _____ () C:\Users\Asim Hussain\Desktop\Rkill.txt
    2014-10-11 18:42 - 2014-10-11 18:42 - 00000000 ____D () C:\Users\Asim Hussain\Desktop\rkill
    2014-10-11 18:41 - 2014-10-11 18:41 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Asim Hussain\Desktop\rkill(1).exe
    2014-10-11 18:19 - 2014-10-11 23:41 - 00000000 ____D () C:\Qoobox
    2014-10-11 18:19 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-11 18:19 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-11 18:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-11 18:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-11 18:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-11 18:19 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-11 18:19 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-11 18:19 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-11 18:18 - 2014-10-11 18:32 - 00000000 ____D () C:\Windows\erdnt
    2014-10-11 18:17 - 2014-10-11 18:15 - 05582481 ____R (Swearware) C:\Users\Asim Hussain\Desktop\ComboFix.exe
    2014-10-11 18:15 - 2014-10-11 18:15 - 05582481 _____ (Swearware) C:\Users\Asim Hussain\Downloads\ComboFix.exe
    2014-10-11 12:47 - 2014-10-11 23:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-11 12:46 - 2014-10-11 12:46 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Asim Hussain\Desktop\mbar-1.07.0.1012.exe
    2014-10-11 12:43 - 2014-10-11 12:43 - 00005191 _____ () C:\Users\Asim Hussain\Documents\RKreport_DEL_10112014_124301.log
    2014-10-11 12:34 - 2014-10-11 23:10 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-10-11 12:34 - 2014-10-11 12:34 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-11 12:33 - 2014-10-11 12:33 - 15677528 _____ () C:\Users\Asim Hussain\Downloads\RogueKiller.exe
    2014-10-10 18:46 - 2014-10-10 18:47 - 905593193 _____ () C:\Users\Asim Hussain\Downloads\Finger Family _ More Nursery Rhymes! _ 1 hour! _ 33 Videos! _ 3D Animation in HD.mp4
    2014-10-10 11:38 - 2014-10-10 11:38 - 00688992 _____ (Swearware) C:\Users\Asim Hussain\Downloads\dds.com
    2014-10-10 11:26 - 2014-10-10 11:26 - 00001063 _____ () C:\Users\Asim Hussain\Documents\MBAM.txt
    2014-10-10 11:19 - 2014-10-10 11:19 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
    2014-10-09 22:46 - 2014-10-09 22:46 - 00000000 ____D () C:\Users\Asim Hussain\Documents\My Cheat Tables
    2014-10-09 22:45 - 2014-10-07 20:04 - 04244992 _____ () C:\Users\Asim Hussain\Downloads\Alien Isolation V1.00 Trainer +4 MrAntiFun B.EXE
    2014-10-09 22:37 - 2014-10-09 22:37 - 00159993 _____ () C:\Users\Asim Hussain\Documents\bookmarks-2014-10-09.json
    2014-10-09 22:37 - 2014-10-09 22:37 - 00000000 ____D () C:\Users\Asim Hussain\Desktop\Old Firefox Data
    2014-10-09 22:35 - 2014-10-09 22:35 - 04088554 _____ () C:\Users\Asim Hussain\Downloads\Alien Isolation V1.00 Trainer +4 MrAntiFun B.zip
    2014-10-09 21:17 - 2014-10-09 21:18 - 521338880 _____ () C:\Users\Asim Hussain\Downloads\AcronisBootableMedia.iso
    2014-10-09 21:16 - 2014-10-09 21:16 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Acronis
    2014-10-09 21:13 - 2014-10-09 21:13 - 01328928 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
    2014-10-09 21:13 - 2014-10-09 21:13 - 00319776 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
    2014-10-09 21:13 - 2014-10-09 21:13 - 00296736 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
    2014-10-09 21:13 - 2014-10-09 21:13 - 00248096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
    2014-10-09 21:13 - 2014-10-09 21:13 - 00126752 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
    2014-10-09 21:13 - 2014-10-09 21:13 - 00001226 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2015.lnk
    2014-10-09 21:13 - 2014-10-09 21:13 - 00001214 _____ () C:\Users\Public\Desktop\Acronis True Image 2015.lnk
    2014-10-09 21:13 - 2014-10-09 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2014-10-09 21:12 - 2014-10-09 21:29 - 00000000 ____D () C:\ProgramData\Acronis
    2014-10-09 21:12 - 2014-10-09 21:12 - 00000000 ____D () C:\Program Files (x86)\Acronis
    2014-10-09 20:46 - 2014-10-09 20:46 - 02409186 _____ () C:\Users\Asim Hussain\Documents\AccessEnum.txt
    2014-10-09 20:44 - 2014-10-09 20:44 - 00051139 _____ () C:\Users\Asim Hussain\Downloads\AccessEnum.zip
    2014-10-09 20:44 - 2006-11-01 13:06 - 00174968 _____ (Sysinternals - www.sysinternals.com) C:\Users\Asim Hussain\Desktop\AccessEnum.exe
    2014-10-09 20:37 - 2014-10-09 20:37 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
    2014-10-08 22:37 - 2014-10-11 23:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-08 22:32 - 2014-10-11 23:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-08 22:32 - 2014-10-08 22:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-08 22:32 - 2014-10-08 22:32 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-08 22:32 - 2014-10-08 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-08 22:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-08 22:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-08 22:29 - 2014-10-08 22:30 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Asim Hussain\Downloads\stopzilla2.exe
    2014-10-08 22:29 - 2014-10-08 18:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Asim Hussain\Downloads\stopzilla.exe
    2014-10-08 21:43 - 2014-10-08 21:43 - 02347384 _____ (ESET) C:\Users\Asim Hussain\Downloads\esetsmartinstaller_enu.exe
    2014-10-08 19:27 - 2014-10-08 19:27 - 00004800 _____ () C:\Users\Asim Hussain\Documents\Rkill2.txt
    2014-10-08 19:25 - 2014-10-08 19:25 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Asim Hussain\Downloads\rkill.exe
    2014-10-08 19:23 - 2014-10-08 19:23 - 00005560 _____ () C:\Users\Asim Hussain\Documents\Rkill.txt
    2014-10-08 19:20 - 2014-10-08 19:20 - 00000806 _____ () C:\Users\Asim Hussain\Downloads\FixExe.reg
    2014-10-08 18:57 - 2014-10-08 18:57 - 04872677 _____ () C:\Users\Asim Hussain\Downloads\mbam-chameleon-3.1.4.0.zip
    2014-10-08 18:17 - 2014-10-08 18:17 - 19814952 _____ (SUPERAntiSpyware) C:\Users\Asim Hussain\Downloads\SUPERAntiSpyware.exe
    2014-10-08 00:57 - 2014-10-08 00:57 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Asim Hussain\Downloads\mbam-clean-2.1.1.1001(1).exe
    2014-10-08 00:53 - 2014-10-08 00:54 - 304410624 _____ () C:\Users\Asim Hussain\Downloads\kav_rescue_10.iso
    2014-10-08 00:38 - 2014-10-08 00:39 - 00197412 _____ () C:\Users\Asim Hussain\Downloads\mbam-setup-2.0.1.1004.rar
    2014-10-08 00:29 - 2014-10-08 00:29 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Stardock
    2014-10-07 20:51 - 2014-10-11 23:47 - 00337205 _____ () C:\Windows\WindowsUpdate.log
    2014-10-07 20:14 - 2014-10-07 20:14 - 00000000 ____H () C:\Users\Asim Hussain\Documents\Default.rdp
    2014-10-06 22:10 - 2014-10-08 18:12 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Steam
    2014-10-06 22:08 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Isolation
    2014-10-06 22:08 - 2014-10-06 22:08 - 00000658 _____ () C:\Users\Asim Hussain\Desktop\Alien Isolation.lnk
    2014-10-06 15:18 - 2014-10-06 15:18 - 230181365 _____ () C:\Users\Asim Hussain\Downloads\PlayStation 3 Slim Reassembly.mp4
    2014-10-06 14:36 - 2014-10-06 14:37 - 335988774 _____ () C:\Users\Asim Hussain\Downloads\How To Open A PS3 Slim.mp4
    2014-10-04 21:34 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
    2014-10-04 21:34 - 2014-10-08 18:13 - 00000000 ____D () C:\Program Files (x86)\WinAVI Video Converter
    2014-10-04 21:34 - 2014-10-04 21:34 - 00001014 _____ () C:\Users\Asim Hussain\Desktop\WinAVI Video Converter.lnk
    2014-10-04 20:56 - 2014-10-04 20:56 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\AMD
    2014-10-04 20:25 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    2014-10-04 20:25 - 2014-10-04 20:25 - 00001211 _____ () C:\Users\Asim Hussain\Desktop\Format Factory.lnk
    2014-10-04 20:24 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\FreeTime
    2014-10-04 19:45 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2014-10-04 19:45 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\MagicISO
    2014-10-04 19:45 - 2014-10-04 19:45 - 00001812 _____ () C:\Users\Asim Hussain\Desktop\MagicISO.lnk
    2014-10-04 19:45 - 2014-10-04 19:45 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
    2014-10-04 19:43 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVtoolnix
    2014-10-04 19:43 - 2014-10-08 18:13 - 00000000 ____D () C:\Program Files (x86)\MKVtoolnix
    2014-10-04 19:43 - 2014-10-04 19:43 - 00001901 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
    2014-10-04 19:40 - 2014-10-04 19:40 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeGUI
    2014-10-04 19:39 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\www.doom9.net
    2014-10-04 19:38 - 2014-10-08 18:13 - 00000000 ____D () C:\Program Files (x86)\megui
    2014-10-04 19:19 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeGUI
    2014-10-04 19:19 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    2014-10-04 19:19 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
    2014-10-04 19:19 - 2014-10-04 19:19 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    2014-10-04 19:18 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
    2014-10-04 19:18 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\DVD Decrypter
    2014-10-04 19:18 - 2014-10-04 19:18 - 00001985 _____ () C:\Users\Public\Desktop\DVD Decrypter.lnk
    2014-10-04 18:43 - 2014-10-07 22:18 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI All-in-One Converter
    2014-10-04 18:39 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\WinAVI
    2014-10-04 18:39 - 2014-10-07 22:18 - 00000000 ____D () C:\Program Files (x86)\WinAVI
    2014-10-04 18:39 - 2014-10-07 21:01 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\WinAVI
    2014-10-04 13:00 - 2014-10-04 13:00 - 50649660 _____ () C:\Users\Asim Hussain\Downloads\How to create a Time Lapse in all versions Sony Vegas!.mp4
    2014-10-04 12:21 - 2014-10-04 12:21 - 07561216 _____ () C:\Users\Asim Hussain\Downloads\jeboo_kernel_i9100_v1-2a.tar
    2014-10-04 10:41 - 2014-10-08 18:13 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-10-04 10:41 - 2014-10-08 18:12 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-10-04 10:41 - 2014-10-04 10:41 - 00000000 ____D () C:\ProgramData\ATI
    2014-10-04 10:40 - 2014-10-08 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-10-04 10:40 - 2014-10-04 10:40 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201410041040513503.log
    2014-10-04 01:10 - 2014-10-04 01:10 - 145432164 _____ () C:\Users\Asim Hussain\Downloads\MUST SEE! The World's BIGGEST KILLER - Alcohol.mp4
    2014-10-04 00:59 - 2014-10-04 00:59 - 217680841 _____ () C:\Users\Asim Hussain\Downloads\SHOCKING MUST SEE! WHY Eating PORK is BAD For HUMANS - Pork.mp4
    2014-10-03 23:32 - 2014-10-03 23:32 - 80227266 _____ () C:\Users\Asim Hussain\Downloads\How I came to Islam - Anthony became Abdurraheem Green.mp4
    2014-10-02 19:34 - 2014-10-02 19:34 - 29560000 _____ () C:\Users\Asim Hussain\Downloads\Pes_2015_New_Skill_-_Control_Dummy_Tutorial.mp4
    2014-10-01 20:52 - 2014-10-01 20:52 - 04965896 _____ (Piriform Ltd) C:\Users\Asim Hussain\Downloads\ccsetup418(1).exe
    2014-10-01 19:48 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-01 19:48 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-09-28 22:20 - 2014-09-28 22:20 - 04427806 _____ () C:\Users\Asim Hussain\Downloads\Bruteforce_Save_Data_v4.4.2.rar
    2014-09-28 22:13 - 2014-09-15 11:49 - 00000000 ____D () C:\Users\Asim Hussain\Downloads\PS3
    2014-09-28 22:12 - 2014-09-28 22:13 - 52460304 _____ () C:\Users\Asim Hussain\Downloads\PS3.rar
    2014-09-28 19:14 - 2014-09-28 19:16 - 52459266 _____ () C:\Users\Asim Hussain\Downloads\PES_2015_-_Play_Like_Messi.mp4
    2014-09-28 17:41 - 2014-06-07 19:45 - 00000616 _____ () C:\Users\Asim Hussain\Documents\phpmyadmin.conf
    2014-09-28 17:26 - 2014-09-28 17:26 - 45743183 _____ () C:\Users\Asim Hussain\Downloads\PES 2014 New Skills Tutorial (Advanced)(1).mp4
    2014-09-27 18:45 - 2014-09-27 18:45 - 820773845 _____ () C:\Users\Asim Hussain\Downloads\I9300XXUGMK6.zip
    2014-09-27 18:43 - 2014-09-27 18:44 - 06214085 _____ () C:\Users\Asim Hussain\Downloads\XXUGMK6_Stock_Kernel_CWM.zip
    2014-09-27 18:42 - 2014-09-27 18:45 - 25312730 _____ () C:\Users\Asim Hussain\Downloads\update.zip
    2014-09-27 18:42 - 2014-09-27 18:43 - 05022536 _____ () C:\Users\Asim Hussain\Downloads\modem_I9300XXUGMK6.zip
    2014-09-27 16:15 - 2014-09-27 16:15 - 45743183 _____ () C:\Users\Asim Hussain\Downloads\PES 2014 New Skills Tutorial (Advanced).mp4
    2014-09-27 15:12 - 2014-09-27 15:12 - 28552839 _____ () C:\Users\Asim Hussain\Downloads\The Wheels On The Bus _ Nursery Rhymes _ HD Version.mp4
    2014-09-27 11:47 - 2014-09-27 11:47 - 04964488 _____ (Piriform Ltd) C:\Users\Asim Hussain\Downloads\ccsetup418.exe
    2014-09-25 23:05 - 2014-09-25 23:05 - 34703431 _____ () C:\Users\Asim Hussain\Documents\PES and Fifa Youtube Art Channel Template.psd
    2014-09-25 22:13 - 2014-09-25 22:14 - 16601549 _____ () C:\Users\Asim Hussain\Downloads\PES and Fifa Youtube Art Channel Template.rar
    2014-09-25 21:50 - 2014-09-25 21:50 - 00002095 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
    2014-09-25 21:50 - 2014-09-25 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
    2014-09-25 21:50 - 2014-09-25 21:50 - 00000000 ____D () C:\Program Files (x86)\SDA
    2014-09-25 21:49 - 2014-09-25 21:49 - 06286748 _____ () C:\Users\Asim Hussain\Downloads\SDFormatterv4.zip
    2014-09-24 22:18 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 22:18 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-21 16:05 - 2014-09-21 16:11 - 640084978 _____ () C:\Users\Asim Hussain\Downloads\Final patch.rar
    2014-09-21 15:29 - 2014-09-21 15:30 - 778960307 _____ () C:\Users\Asim Hussain\Downloads\ABC Song _ ABC Songs and More Nursery Rhymes! _ 30 Videos _ 51 Minutes Long _ 3D Animations in HD.mp4
    2014-09-20 20:02 - 2014-09-20 20:02 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Ahead
    2014-09-19 22:36 - 2014-09-19 22:36 - 107363934 _____ () C:\Users\Asim Hussain\Downloads\PES_2015_-_Gameplay_Compilation_2.mp4
    2014-09-19 22:30 - 2014-09-19 22:30 - 75840979 _____ () C:\Users\Asim Hussain\Downloads\PES 2014 - Best Goals Compilation 2.mp4
    2014-09-15 23:32 - 2014-09-15 23:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
    2014-09-15 23:32 - 2014-09-15 23:32 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
    2014-09-15 23:32 - 2014-09-15 23:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2014-09-15 23:32 - 2014-09-15 23:32 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
    2014-09-15 23:31 - 2014-09-15 23:31 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2014-09-15 23:29 - 2014-09-15 23:29 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
    2014-09-15 23:26 - 2014-09-15 23:26 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
    2014-09-15 23:18 - 2014-09-15 23:18 - 00235008 _____ () C:\Windows\system32\clinfo.exe
    2014-09-15 23:18 - 2014-09-15 23:18 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
    2014-09-15 23:17 - 2014-09-15 23:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
    2014-09-15 23:17 - 2014-09-15 23:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2014-09-15 23:17 - 2014-09-15 23:17 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
    2014-09-15 23:17 - 2014-09-15 23:17 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2014-09-15 23:17 - 2014-09-15 23:17 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2014-09-15 23:16 - 2014-09-15 23:16 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2014-09-15 23:16 - 2014-09-15 23:16 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2014-09-15 23:13 - 2014-09-15 23:13 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
    2014-09-15 23:09 - 2014-09-15 23:09 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
    2014-09-15 23:09 - 2014-09-15 23:09 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
    2014-09-15 23:09 - 2014-09-15 23:09 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
    2014-09-15 23:09 - 2014-09-15 23:09 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
    2014-09-15 23:09 - 2014-09-15 23:09 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
    2014-09-15 23:08 - 2014-09-15 23:08 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2014-09-15 23:07 - 2014-09-15 23:07 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
    2014-09-15 23:07 - 2014-09-15 23:07 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
    2014-09-15 23:07 - 2014-09-15 23:07 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
    2014-09-15 23:07 - 2014-09-15 23:07 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
    2014-09-15 23:07 - 2014-09-15 23:07 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
    2014-09-15 23:07 - 2014-09-15 23:07 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
    2014-09-15 23:07 - 2014-09-15 23:07 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
    2014-09-15 23:07 - 2014-09-15 23:07 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2014-09-15 23:07 - 2014-09-15 23:07 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2014-09-15 23:06 - 2014-09-15 23:06 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2014-09-15 23:05 - 2014-09-15 23:05 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
    2014-09-15 23:03 - 2014-09-15 23:03 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
    2014-09-15 23:03 - 2014-09-15 23:03 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
    2014-09-15 23:03 - 2014-09-15 23:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
    2014-09-15 23:03 - 2014-09-15 23:03 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
    2014-09-15 23:03 - 2014-09-15 23:03 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
    2014-09-15 23:03 - 2014-09-15 23:03 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
    2014-09-15 23:03 - 2014-09-15 23:03 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
    2014-09-15 23:03 - 2014-09-15 23:03 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
    2014-09-15 22:59 - 2014-09-15 22:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2014-09-15 22:59 - 2014-09-15 22:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
    2014-09-15 22:58 - 2014-09-15 22:58 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
    2014-09-15 18:21 - 2014-09-15 18:21 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
    2014-09-15 18:19 - 2014-09-15 18:19 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
    2014-09-14 14:47 - 2014-09-14 14:47 - 550994685 _____ () C:\Users\Asim Hussain\Downloads\Destiny Walkthrough Part 3 - The Moon The Dark Beyond (Let's Play Commentary).mp4
    2014-09-14 14:19 - 2014-09-14 14:20 - 546829050 _____ () C:\Users\Asim Hussain\Downloads\Destiny Walkthrough Part 2 - The Last Array (Let's Play Commentary).mp4
    2014-09-12 21:19 - 2014-09-12 21:20 - 239717062 _____ () C:\Users\Asim Hussain\Downloads\Playtest PES 2015 Humano vs CPU WinningElevenblog.es.mp4
    2014-09-12 19:59 - 2014-09-12 19:59 - 398626790 _____ () C:\Users\Asim Hussain\Downloads\Football's Greatest - Andres Iniesta (HD).mp4
    2014-09-12 19:50 - 2014-09-12 19:50 - 70064607 _____ () C:\Users\Asim Hussain\Downloads\FIFA_15_-_Official_TV_Commercial.mp4

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-12 00:01 - 2014-06-30 22:56 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-11 23:50 - 2009-07-14 06:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-11 23:44 - 2014-06-30 22:56 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-11 23:43 - 2014-06-28 20:29 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
    2014-10-11 23:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-11 23:36 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-11 22:57 - 2014-06-28 21:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-10-11 18:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
    2014-10-11 12:38 - 2014-06-28 20:13 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
    2014-10-10 18:23 - 2014-06-28 22:04 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Winamp
    2014-10-10 12:42 - 2014-06-28 20:05 - 00000000 ____D () C:\Users\Asim Hussain
    2014-10-10 12:15 - 2014-06-28 21:06 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\uTorrent
    2014-10-10 12:14 - 2014-09-09 21:48 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Skype
    2014-10-09 19:41 - 2014-07-19 23:28 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\IObit
    2014-10-09 19:31 - 2014-06-29 14:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-10-09 18:48 - 2014-07-04 21:40 - 00000000 ____D () C:\Users\Asim Hussain\Downloads\Every 4 Years Patch
    2014-10-08 22:35 - 2014-06-28 23:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-08 18:13 - 2014-07-19 23:42 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\ProductData
    2014-10-08 18:13 - 2014-07-19 23:29 - 00000000 ____D () C:\ProgramData\ProductData
    2014-10-08 18:13 - 2014-07-19 23:29 - 00000000 ____D () C:\ProgramData\IObit
    2014-10-08 18:13 - 2014-06-29 16:32 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\mIRC
    2014-10-08 18:13 - 2014-06-28 23:31 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2014-10-08 18:13 - 2014-06-28 22:51 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
    2014-10-08 18:13 - 2014-06-28 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-10-08 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-08 18:12 - 2014-06-28 20:58 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-10-08 18:12 - 2014-06-28 20:53 - 00000000 ____D () C:\ProgramData\Comodo Downloader
    2014-10-08 18:12 - 2014-06-28 20:52 - 00000000 ____D () C:\ProgramData\Comodo
    2014-10-08 18:12 - 2014-06-28 20:21 - 00000000 ____D () C:\Program Files\ATI Technologies
    2014-10-08 18:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
    2014-10-08 01:09 - 2014-07-03 23:17 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\CrashDumps
    2014-10-07 22:24 - 2014-06-28 20:50 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Mozilla
    2014-10-07 20:50 - 2014-06-28 22:56 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\DAEMON Tools Lite
    2014-10-07 20:08 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-07 20:08 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-04 10:41 - 2014-06-28 20:25 - 00000000 ____D () C:\ProgramData\AMD
    2014-10-04 10:36 - 2014-06-28 20:24 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-10-04 10:34 - 2014-06-28 20:20 - 00000000 ____D () C:\AMD
    2014-10-03 16:47 - 2014-06-29 19:01 - 00000000 ____D () C:\Users\Asim Hussain\.dreamstream
    2014-10-02 22:43 - 2014-06-28 21:55 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-10-01 20:52 - 2014-06-28 21:55 - 00000791 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-10-01 20:52 - 2014-06-28 21:55 - 00000000 ____D () C:\Program Files\CCleaner
    2014-09-26 21:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
    2014-09-26 19:49 - 2014-06-28 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-09-26 19:49 - 2009-07-14 05:45 - 05267600 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-25 22:24 - 2014-07-13 19:27 - 00001456 _____ () C:\Users\Asim Hussain\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-09-25 22:15 - 2014-06-28 20:26 - 00151072 _____ () C:\Users\Asim Hussain\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-09-25 21:49 - 2014-07-20 12:55 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Downloaded Installations
    2014-09-25 21:04 - 2014-06-30 22:56 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-09-25 20:34 - 2014-06-28 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-21 13:18 - 2014-08-01 21:20 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\UseNeXT
    2014-09-21 13:17 - 2014-08-01 21:20 - 00000000 ____D () C:\Users\Asim Hussain\Documents\UseNeXT
    2014-09-20 20:26 - 2014-08-17 17:00 - 00000000 ___RD () C:\Users\Asim Hussain\Dropbox
    2014-09-20 20:09 - 2014-07-10 19:43 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Dropbox
    2014-09-20 20:08 - 2014-08-17 17:00 - 00001052 _____ () C:\Users\Asim Hussain\Desktop\Dropbox.lnk
    2014-09-20 20:08 - 2014-07-10 19:43 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-09-15 23:31 - 2014-04-18 03:43 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
    2014-09-15 23:31 - 2014-04-18 03:42 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
    2014-09-15 23:31 - 2014-04-18 03:42 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
    2014-09-15 09:06 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-09-14 00:02 - 2014-08-30 19:32 - 00000000 ____D () C:\Users\Asim Hussain\AppData\Local\Adobe
    2014-09-12 19:52 - 2014-06-28 21:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-12 19:52 - 2014-06-28 21:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\Asim Hussain\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-06 15:46

    ==================== End Of Log ============================
     
  12. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
    Ran by Asim Hussain at 2014-10-12 00:10:40
    Running from C:\Users\Asim Hussain\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
    7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
    Acronis True Image 2015 (HKLM-x32\...\{860998A8-3FAE-4589-A974-CE3199F64758}Visible) (Version: 18.0.5539 - Acronis)
    Acronis True Image 2015 (x32 Version: 18.0.5539 - Acronis) Hidden
    Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.0 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Alien Isolation (HKLM-x32\...\Alien Isolation_is1) (Version: - )
    AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Fuel (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    ASUS Bluetooth Suite (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.60 - ASUS Communications)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version: - Microsoft)
    DreamStream E2 (HKLM-x32\...\845CCCCA-B77C-43EA-9A43-62DACEA4F902) (Version: 0.4.0 (Beta 14a) - Thomas "LazyT" Löwe)
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
    EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    IconPackager (HKLM-x32\...\IconPackager) (Version: - Stardock Corporation)
    IconPackager (x32 Version: 5.00 - Stardock Corporation) Hidden
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
    Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
    K-Lite Mega Codec Pack 10.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
    Magic ISO Maker v5.5 (build 0265) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MeGUI modern media encoder (remove only) (HKLM-x32\...\MeGUI modern media encoder) (Version: 0.3.1.1028 - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
    MKVtoolnix 2.8.0 (HKLM-x32\...\MKVtoolnix) (Version: 2.8.0 - Moritz Bunkus)
    MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
    Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    Mp3tag v2.60 (HKLM-x32\...\Mp3tag) (Version: v2.60 - Florian Heidenreich)
    MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51033}) (Version: 8.10.21 - Nero AG)
    neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
    Pro Evolution Soccer 6 (HKLM-x32\...\InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}) (Version: 1.00.0000 - KONAMI)
    Pro Evolution Soccer 6 (x32 Version: 1.00.0000 - KONAMI) Hidden
    QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
    RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    TViXiE (HKLM-x32\...\{D3011DCB-8E76-46DC-B643-97DFA381DBB3}) (Version: 1.3.3 - Mathias Johansson)
    Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2889866) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6666C6C6-4AC6-4475-887E-5874B69EB414}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
    VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
    Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
    Winamp (HKLM-x32\...\Winamp) (Version: 5.5 - Nullsoft, Inc)
    WinAVI Video Converter (HKLM-x32\...\WinAVI Video Converter 10.0_is1) (Version: - ZJ Computing,Inc.)
    Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3286673083-1926705729-2674503367-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Asim Hussain\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    07-10-2014 21:17:22 Restore Operation
    07-10-2014 21:22:14 avast! antivirus system restore point
    07-10-2014 21:22:46 Restore Operation
    07-10-2014 21:34:54 avast! antivirus system restore point
    08-10-2014 00:11:21 Windows Update
    08-10-2014 17:11:01 Restore Operation
    08-10-2014 18:32:06 Windows Update
    09-10-2014 19:18:08 Windows Restore 09102014
    09-10-2014 19:44:06 Installed Windows Resource Kit Tools - SubInAcl.exe
    11-10-2014 11:45:38 Before Malwarebytes Rootkit
    11-10-2014 22:16:28 Anti Malware Rootkit scan

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-10-11 18:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {01765A31-5E83-48EC-B196-1696CB62DC48} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-06-28] ()
    Task: {463F6942-3BF7-45CB-99C0-D972430E0590} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
    Task: {52265CCA-BCEA-43A8-BF38-DFB55AB874AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
    Task: {65597A06-D396-4BCD-A904-F7373DE19960} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {A67869CC-6D39-4A5D-B79B-D31872FF28F0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
    Task: {C4AD1EA3-0C77-4C8C-8F1C-2E7A4FCCB5A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {EE245385-6C1F-4190-B1DB-99C72FE1404C} - System32\Tasks\AdobeAAMUpdater-1.0-AsimHussain-PC-Asim Hussain => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {F1B193E3-2E94-4B39-AFCE-BE370B8D2A78} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {F3C0002E-6065-49F4-8533-87E6C3D27F9C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {F696BB44-AD48-4F52-8132-81DEB4A3C2D3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {F787BA60-B3BD-4D97-91AB-83DDE4E308CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2014-06-29 14:18 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
    2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-06-28 21:32 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2014-07-09 20:30 - 2014-07-09 20:30 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-10-11 20:38 - 2014-10-11 20:38 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101101\algo.dll
    2014-08-12 09:55 - 2014-08-12 09:55 - 08894120 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-06-29 14:18 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
    2014-07-09 20:30 - 2014-07-09 20:30 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-06-28 20:50 - 2014-09-25 20:34 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-09-09 13:00 - 2014-09-09 13:00 - 00023576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AcrSch2Svc => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdvancedSystemCareService7 => 2
    MSCONFIG\Services: afcdpsrv => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IMFservice => 2
    MSCONFIG\Services: KMSServerService => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NMIndexingService => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: syncagentsrv => 2
    MSCONFIG\Services: TunMirror => 2
    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
    MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe"
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_8AB6A447ACEFAE8847B8C9E0EF8772DA => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    MSCONFIG\startupreg: uTorrent => "C:\Users\Asim Hussain\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3286673083-1926705729-2674503367-500 - Administrator - Disabled)
    Asim Hussain (S-1-5-21-3286673083-1926705729-2674503367-1000 - Administrator - Enabled) => C:\Users\Asim Hussain
    Guest (S-1-5-21-3286673083-1926705729-2674503367-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3286673083-1926705729-2674503367-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-11 18:30:37.571
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-11 18:30:37.509
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-4100 Quad-Core Processor
    Percentage of memory in use: 14%
    Total physical RAM: 16300.26 MB
    Available physical RAM: 13885.87 MB
    Total Pagefile: 32598.7 MB
    Available Pagefile: 29939.09 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: (Windows 7) (Fixed) (Total:238.37 GB) (Free:115.91 GB) NTFS
    Drive d: (2TB Drive) (Fixed) (Total:1863.01 GB) (Free:163.47 GB) NTFS
    Drive e: (Windows 8) (Fixed) (Total:81.36 GB) (Free:38.34 GB) NTFS
    Drive f: (Video Editing) (Fixed) (Total:508.32 GB) (Free:187.76 GB) NTFS
    Drive g: (Programs & Pictures) (Fixed) (Total:341.83 GB) (Free:123.71 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 0DFA2BF3)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9A12DD7A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=238.4 GB) - (Type=OF Extended)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E438C40)
    Partition 1: (Not Active) - (Size=81.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=508.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  14. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Here you go mate.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-10-2014
    Ran by Asim Hussain at 2014-10-12 11:04:33 Run:1
    Running from C:\Users\Asim Hussain\Desktop
    Loaded Profile: Asim Hussain (Available profiles: Asim Hussain)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\Asim Hussain\AppData\Local\Temp\Quarantine.exe
    RemoveDirectory: C:\Program Files (x86)\IObit
    *****************

    LiveUpdateSvc => Service deleted successfully.
    catchme => Service deleted successfully.
    VGPU => Service deleted successfully.
    C:\Users\Asim Hussain\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    "C:\Program Files (x86)\IObit" => File/Directory not found.

    ==== End of Fixlog ====

    I have uninstalled Advanced system care after you asked me to remove in your first post.
     
  15. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Broni I am facing this same problem as before. I have to give permission to certain folder in program files (admin right) even though I am admin.

    For e.g. IOBIT folder in program data was not deleted after uninstalling all advanced system care programs. For me to uninstall ASC I had to give full permission to the folder before uninstall.

    I am seeing $Recyclebin folder on all my hardrives and Program data is also visible I thought both of these were hidden.

    It looks like permission were tempered with after I had this Virus/Malware/Trojen attack.

    How can I fix all these issues. I appreciate you helping surely I will donate for ur efforts.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Both folders are hidden system folders and as such they WILL need special permissions in order to make any changes there.
    Open Windows Explorer. Go Tools>Folder Options>View tab , put a checkmark next to Don't show hidden files, and folders, checkmark Hide protected operating system files.
    Restart Windows Explorer.

    How is computer doing?

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [img=[url]http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.[/*]
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats[/*]
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  17. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    System is stable now. Its just these issues now I am facing.

    Problem with recycle bin showing and program data showing even thorugh "Hide protected operating system files" was ticked I dont understand why they are not hidden. I have manaully hidden them now. Is that okay? I will post logs when ESET scanner finishes its scan.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You probably didn't checkmark Hide protected operating system files.
     
  19. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Hi Baroni. I have left my pc on overnight to let est to finish its scan. I am at work now. Est is finished scanning all my drive and has posted 159 infected items. I have asked my mrs to save txt file of the scan. Do I delete quarantine? Not sure what to do.
    IMG-20141013-WA0002.jpg
    I will post logs when I am at home 7pm uk time.
     
  20. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    Here you go.

    Results of screen317's Security Check version 0.99.88
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Java 7 Update 67
    Java 8 Update 20
    Adobe Flash Player 15.0.0.152
    Adobe Reader XI
    Mozilla Firefox (32.0.3)
    Google Chrome 37.0.2062.120
    Google Chrome 37.0.2062.124
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Comodo Firewall cmdagent.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Asim Hussain (administrator) on 12-10-2014 at 22:20:48
    Running from "C:\Users\Asim Hussain\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    ESET Log

    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\org.greenlie.livesportstv.6.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\awraw5117.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\b2mddddddd-1.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\b2mddddddd.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\b2m_c_2769.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Black Market Alpha Pro.apk multiple threats
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Black Market Alpha-1.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\black market alpha.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Black Market Alpha_1.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha 0.49.93-2.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha 0.49.93_2.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha full Edition-1.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha full Edition.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha Pro-1.apk a variant of Android/Leadbolt.E potentially unwanted application
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha Pro.apk a variant of Android/Leadbolt.E potentially unwanted application
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha-51-1.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha-51-2.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Blackmart Alpha-51.apk a variant of Android/Plankton.I trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\cb44432.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\ctb7389-1.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\ctb7389-2.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\ctb7389.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\gb317gr.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\glm211sx-1.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\glm211sx.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\mub2342asdf.apk a variant of Android/TrojanSMS.Agent.KA trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Playporn_1390951089_888995-1.apk Android/TrojanSMS.Agent.ABK trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Playporn_1390951089_888995.apk Android/TrojanSMS.Agent.ABK trojan
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Scan-For-Viruses-Now-1.apk a variant of Android/AndroidArmour.D potentially unwanted application
    D:\PC Storage\Solid State Drive Files\Others\My Backup\Download\Scan-For-Viruses-Now.apk a variant of Android/AndroidArmour.D potentially unwanted application
    D:\PC Storage\Solid State Drive Files\Others\My Backup\KingsoftOffice\file\download\attachment.txt Win32/DownWare.V potentially unwanted application
    D:\PC Storage\Solid State Drive Files\Programs Files\Pro Evolution Soccer 2013\rld_100.dll Win32/HackTool.Crack.BB potentially unsafe application
    E:\Users\Asim\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    E:\Users\Asim\Downloads\KMSpico Install\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
    E:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application
    F:\C Drive\Docs\Battlefield 3\Battlefield_3_[Update_10].rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
    F:\C Drive\Docs\Battlefield 3\Trainer Battlefield 3 [Update 10].exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\rld.dll Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES 2013 Game Directory\Pro Evolution Soccer 2013\rld.dll Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES 2013 Game Directory\Pro Evolution Soccer 2013\rld_100.dll Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES2013 Worldcup 2014 Patch\AIO V2\V2.AIO.WC14. for pes13\Installer.exe Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PES2013 Worldcup 2014 Patch\PESModders\PESModders Mundial Brasil 2014.exe Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2013 Tools\PESEDIT Patch 6\Installer.exe Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2014 Tools\PES 2014 Option Files\PC\PESEdit.com 2014 Patch 0.2\Installer.exe Win32/HackTool.Crack.BB potentially unsafe application
    F:\C Drive\Downloads\Pro Evolution Soccer Tools\PES2014 Tools\PTE Patch\[PES14] PTE PATCH 1.1\setup.exe Win32/HackTool.Crack.BB potentially unsafe application
    F:\Video Editing\Editing Tutorials\Sony Vegas\Sony Vegas 11 Presets\Zlargo114's Plugin Pack!\Zlargo114's Plugin Pack!.rar a variant of Win32/HackTool.Patcher.T potentially unsafe application
    G:\PC Programs\Programs\cbsidlm-tr1_13-Simple_HTML_To_Text_Converter-ORG-10587330.exe Win32/DownloadAdmin.G potentially unwanted application
    G:\PC Programs\Programs\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    G:\PC Programs\Programs\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    G:\PC Programs\Programs\ccsetup325.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    G:\PC Programs\Programs\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    G:\PC Programs\Programs\cpu-z_1.61-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    G:\PC Programs\Programs\FerrariFiller_1_3_3_7FSE.exe a variant of Win32/Packed.Themida potentially unwanted application
    G:\PC Programs\Programs\FFSetup280(1).exe a variant of Win32/ELEX.AG potentially unwanted application
    G:\PC Programs\Programs\FFSetupMultilingual3-1-1.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    G:\PC Programs\Programs\FreeAVIMP4WMVMPEGVideoJoiner.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
    G:\PC Programs\Programs\Mipony-Installer.exe a variant of Win32/InstallCore.BY potentially unwanted application
    G:\PC Programs\Programs\MP4Joiner-1.0-win32(1).exe Win32/DownWare.W potentially unwanted application
    G:\PC Programs\Programs\MP4Joiner-1.0-win32.exe Win32/DownWare.W potentially unwanted application
    G:\PC Programs\Programs\Pes2014.All.Version.tr28-3DMGAME.exe a variant of Win32/FlyStudio potentially unwanted application
    G:\PC Programs\Programs\rcsetup146.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
    G:\PC Programs\Programs\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
    G:\PC Programs\Programs\SFInstaller_SFFZ_filezilla_8992693_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    G:\PC Programs\Programs Folder\Adobe CS6 Master Collection\CS6 Master Collection\KEYGEN-XFORCE [WIN OSX]\Crack-OSX\xf-amcs6.dmg OSX/Keygen.AA potentially unsafe application
    G:\PC Programs\Programs Folder\Adobe CS6 Master Collection\CS6 Master Collection\KEYGEN-XFORCE [WIN OSX]\Crack-Windows\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
    G:\PC Programs\Programs Folder\Adobe Dreamweaver CC 2014 14 Build 6733 [ChingLiu]\Crack\xf-adobecc.exe a variant of Win32/Keygen.HA potentially unsafe application
    G:\PC Programs\Programs Folder\Adobe.Creative.Suite.5.5.Master.Collection.EN.ESD-WZT\ADOBE.CS5.5.MC_KEYGEN_WIN_OSX-XFORCE\WIN\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
    G:\PC Programs\Programs Folder\Advanced SystemCare Pro 7.3.0.457 [ChingLiu]\Advanced-SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    G:\PC Programs\Programs Folder\Dreambox Files\DreamBox Files\DM800S\Rar Files\DreamBox-OptiFlasher-Ev1.0.4.rar a variant of Win32/Packed.Themida potentially unwanted application
    G:\PC Programs\Programs Folder\Dreambox Files\DreamBox Files\DM800SE HD\FerrariFiller_1_3_3_7FSE.rar a variant of Win32/Packed.Themida potentially unwanted application
    G:\PC Programs\Programs Folder\Dreambox Files\DreamBox Files\DM800SE HD\FFSetup3.0.1.zip a variant of Win32/Hao123.A potentially unwanted application
    G:\PC Programs\Programs Folder\Hiren's BootCD 15.2 Rebuild All in One Bootable CD\12.Hiren.s.Boot.CD.15.2.iso a variant of Win32/Toolbar.Conduit.H potentially unwanted application
    G:\PC Programs\Programs Folder\MAGIX Audio Cleaning Lab 2013 19.0.0.10 English [ChingLiu]\Audio_Cleaning_Lab_2013_DLV_en-II_121001_10-52_19_0_0_10.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
    G:\PC Programs\Programs Folder\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR].rar a variant of Win32/Keygen.DS potentially unsafe application
    G:\PC Programs\Programs Folder\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.12 + Key + Keygen - {Cyclonoid}\Nitro PDF Professional Enterprise 8 (64-bit-x64) v8.1.1.12 + Keygen - {Cyclonoid}.rar a variant of Win32/Keygen.AN potentially unsafe application
    G:\PC Programs\Programs Folder\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.12 + Key + Keygen - {Cyclonoid}\Nitro PDF Professional Enterprise 8 (64-bit-x64) v8.1.1.12 + Keygen - {Cyclonoid}\keygen_np8.exe a variant of Win32/Keygen.AN potentially unsafe application
    G:\PC Programs\Programs Folder\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
    G:\PC Programs\Zip Files\FFSetup3.0.1.zip a variant of Win32/Hao123.A potentially unwanted application
    C:\Users\Asim Hussain\Downloads\Alien Isolation V1.00 Trainer +4 MrAntiFun B.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
    D:\PC Storage\Downloads Folder\batmanarkhamoriginstrainer_+2.rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
    D:\PC Storage\Downloads Folder\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    D:\PC Storage\Downloads Folder\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    D:\PC Storage\Downloads Folder\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    D:\PC Storage\Downloads Folder\CrystalDiskInfo6_0_4ShizukuUltimate-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
    D:\PC Storage\Downloads Folder\dfsetup216.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.allsports.live.390.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.celebrities.wwefannation.2.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.DSquareAndroid.hindimovies.5.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.kii.im.hd.4.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.kt.boxoffice.hd.7.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.nk.bwdmvs.26.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\com.robotsandpencils.minecraftWEent.2147483641.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\flash_player.flash.player.free.574.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\in.droidstore.freehindimovies.29.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\live.wtchtv.pro.4.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\net.tv.watch.free.300000000.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\online.livetv2g3g.6.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\blackmart\downloads\org.greenlie.livesportstv.6.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\awraw5117.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\b2mddddddd-1.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\b2mddddddd.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\b2m_c_2769.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Black Market Alpha Pro.apk multiple threats deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Black Market Alpha-1.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\black market alpha.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Black Market Alpha_1.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha 0.49.93-2.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha 0.49.93_2.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha full Edition-1.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha full Edition.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha Pro-1.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha Pro.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha-51-1.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha-51-2.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Blackmart Alpha-51.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\cb44432.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\ctb7389-1.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\ctb7389-2.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\ctb7389.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\gb317gr.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\glm211sx-1.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\glm211sx.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\mub2342asdf.apk a variant of Android/TrojanSMS.Agent.KA trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Playporn_1390951089_888995-1.apk Android/TrojanSMS.Agent.ABK trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Playporn_1390951089_888995.apk Android/TrojanSMS.Agent.ABK trojan deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Scan-For-Viruses-Now-1.apk a variant of Android/AndroidArmour.D potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\Download\Scan-For-Viruses-Now.apk a variant of Android/AndroidArmour.D potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\KingsoftOffice\file\download\attachment.txt Win32/DownWare.V potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\TitaniumBackup\com.fggpx189.chlsf326-36d9624ebfac0af37312291d986e5c36.apk.gz a variant of Android/AdDisplay.RevMob.A potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Imran Backup\Internal Backup\TitaniumBackup\org.blackmart.market-b733a2fbea55a224702f6bbcc04cfec9.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\Android\data\org.blackmart.market\cache\blackmart\updates\blackmart.apk a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\apks\4_3\Lost Levels.apk a variant of Android/AdDisplay.Kuguo.F potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\TitaniumBackup\com.onetech.barbie.hair.salon-5a7e2b4b83c58bfcce846b6d2fed7293.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\TitaniumBackup\org.blackmart.market-20131226-145254.tar.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\JXD S7800B\Inaaya\TitaniumBackup\org.blackmart.market-b733a2fbea55a224702f6bbcc04cfec9.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\JXD S7800B\Moeeze\Internal Backup\apks\4_3\Lost Levels.apk a variant of Android/AdDisplay.Kuguo.F potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\Backups\CWM\clockworkmod\backup\2013-05-06.17.58.23\data.ext4.tar a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\Backups\CWM\clockworkmod\backup\2013-05-14.13.21.16_Omega_v43.3_-_XXEMC3\data.ext4.tar.a a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\TitaniumBackup\com.gameloft.android.ANMP.GloftAMHM-520c7bf2f09de91575eabd37bae74243.apk.gz a variant of Android/AdDisplay.Viser.A potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIII\TitaniumBackup\org.blackmart.market-b733a2fbea55a224702f6bbcc04cfec9.apk.gz a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIV\Backup\2014-06-05.20.08.24_Omega_v30_-_XXUGNE5\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIV\Backup\2014-06-11.09.22.54_Omega_v30_-_XXUGNE5\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\Mobile Phones\Samsung Galaxy SIV\Backup\2014-06-20.19.45.59_Omega_v31_-_VJUGNE2\data.ext4.tar.a a variant of Android/AdDisplay.AirPush.M potentially unwanted application deleted - quarantined
    D:\PC Storage\PC Games\Ashes Cricket 2013\rld-ascr13.iso a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
    D:\PC Storage\PC Games\Batman Arkham Origins\rld-baaror.iso a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
    D:\PC Storage\PC Games\Dirt 3\sr-dirt3.iso Win32/HackTool.Crack.O potentially unsafe application deleted - quarantined
    D:\PC Storage\PC Games\F1 2013\rld-f12013.iso a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Documents Folders\Battlefield 3\Battlefield_3_[Update_10].rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Documents Folders\Battlefield 3\Trainer Battlefield 3 [Update 10].exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Downloads Folder\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Downloads Folder\FreeVideoToJPGConverter.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.allsports.live.390.apk a variant of Android/Leadbolt.E potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.celebrities.wwefannation.2.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.DSquareAndroid.hindimovies.5.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.kii.im.hd.4.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.kt.boxoffice.hd.7.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.nk.bwdmvs.26.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\com.robotsandpencils.minecraftWEent.2147483641.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\flash_player.flash.player.free.574.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\in.droidstore.freehindimovies.29.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\live.wtchtv.pro.4.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\net.tv.watch.free.300000000.apk a variant of Android/Plankton.I trojan deleted - quarantined
    D:\PC Storage\Solid State Drive Files\Others\My Backup\blackmart\downloads\online.livetv2g3g.6.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  22. ronaldo9_r9

    ronaldo9_r9 TS Member Topic Starter Posts: 20

    I would like to Thank you for help. I will donate once I am home from work. PC is running fine but I need to scan my other drives with avg and malwarebytes to make sure all infection fount by ESET online scanner are wiped. Other than that everything stable. This can be marked as resolved. Thanks once again Baroni.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...