TechSpot

Slow, and multiple iExplore.exe running

By skombeazel
Feb 4, 2015
  1. I've seen some of the other posts regarding this. Would somebody mind assisting me, please?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    Hi :) Here are the MBAM logs:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 09/02/2015
    Scan Time: 10:23:21
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.09.03
    Rootkit Database: v2015.02.03.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: JP

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 452672
    Time Elapsed: 32 min, 19 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514
    Run by JP at 11:21:50 on 2015-02-09
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3914.1467 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\igfxCUIService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
    C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Windows\system32\igfxEM.exe
    C:\Windows\system32\igfxHK.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = about:blank
    mSearch Page = www.google.com
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Mobile Partner] C:\Program Files (x86)\MobileWiFi\MobileWiFi
    uRun: [uTorrent] "C:\Users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    StartupFolder: C:\Users\JP.AS2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: RunStartupScriptSync = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.0.10
    TCP: Interfaces\{18195D85-DB6B-4CD6-9C71-1E099F46D24B} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{4CE61002-8F9A-42CE-AE4C-1339DB01F2DB} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{6DA6402A-60EE-4D57-A6A6-7C0FB71B9184} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{8B612D1A-14FE-4336-ADC2-D9D8BE03B054} : DHCPNameServer = 192.168.9.1 192.168.9.1
    TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323} : DHCPNameServer = 192.168.0.10
    TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\459676562775966696 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} : DHCPNameServer = 10.20.30.8 10.20.30.19
    TCP: Interfaces\{D29F7482-36AC-46A1-950D-8C57FF51E649} : DHCPNameServer = 192.168.0.10
    TCP: Interfaces\{FF10FE80-CE43-4099-917D-CAEE3596CB84} : DHCPNameServer = 192.168.16.10
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    SSODL: WebCheck - <orphaned>
    IFEO: mobilebroadband.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    x64-mSearch Page = www.google.com
    x64-mDefault_Page_URL = about:blank
    x64-mDefault_Search_URL = www.google.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: mobilebroadband.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\
    FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\Users\JP.AS2\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-12-9 76480]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-10-19 283064]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2014-9-15 118056]
    R2 Evolution Freedom Service;Evolution Freedom Service;C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe [2014-6-27 338432]
    R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2013-4-10 351824]
    R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 315352]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-28 969016]
    R2 MSSQL$SQLEXPRESS2008R2;SQL Server (SQLEXPRESS2008R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
    R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-17 5429520]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-11-18 912576]
    R2 WinAutomation Service;WinAutomation Service;C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe [2011-1-25 166912]
    R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2014-8-4 72864]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-12-12 91648]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-21 450520]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-19 435240]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-1-28 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-1-28 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-28 63704]
    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-28 1871160]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Hi-Rez Studios\HiPatchService.exe --> D:\Hi-Rez Studios\HiPatchService.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S2 SQLAgent$SQLEXPRESS2008R2;SQL Server Agent (SQLEXPRESS2008R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2014-12-12 109568]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2014-12-12 14976]
    S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2014-12-12 110592]
    S3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\drivers\ew_jucdcecm.sys [2014-12-12 77312]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2014-12-12 30720]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-8-4 169752]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    S3 pikbd;Pluralinput Keyboard 0.8.6;C:\Windows\System32\drivers\pikbd.sys [2014-9-29 22880]
    S3 pimou;Pluralinput Mouse 0.8.6;C:\Windows\System32\drivers\pimou.sys [2014-9-29 22880]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-8-21 14112]
    S4 Evolution Mobile Service;Evolution Mobile Service;C:\Program Files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe [2014-5-20 269824]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
    S4 test;test;cmd /K start C:\Users\JP.AS2\Desktop\taskkil.txt --> cmd [?]
    S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-8-29 2100024]
    S4 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2012-10-15 8704]
    .
    =============== Created Last 30 ================
    .
    2015-02-09 05:59:04 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E2D3696-18DE-4C43-A1C5-0E93521495D3}\gapaengine.dll
    2015-02-09 05:57:16 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2AD8641-E959-4D3E-AF80-A29345383876}\mpengine.dll
    2015-02-05 13:27:39 -------- d-----w- C:\Users\JP.AS2\AppData\Local\CrashDumps
    2015-02-05 08:37:24 -------- d-----w- C:\Users\JP.AS2\AppData\Roaming\FabFilter
    2015-02-05 08:23:20 1597440 ----a-w- C:\FabFilter Volcano 2.dpm
    2015-02-05 08:23:19 -------- d-----w- C:\Program Files (x86)\FabFilter
    2015-02-05 08:14:39 -------- d-----w- C:\ProgramData\RAW
    2015-02-05 08:14:39 -------- d-----w- C:\Program Files (x86)\Rob Papen
    2015-02-05 06:20:44 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-04 14:44:47 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
    2015-02-04 14:44:46 -------- d-----w- C:\ProgramData\RogueKiller
    2015-02-04 14:44:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2015-02-03 07:29:21 -------- d-----w- C:\AdwCleaner
    2015-01-28 12:54:28 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-01-28 12:54:00 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-01-28 12:54:00 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2015-01-28 12:54:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2015-01-28 12:54:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-01-28 12:54:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-27 09:37:00 94320 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2015-01-27 09:37:00 922168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
    2015-01-27 09:37:00 91032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2015-01-27 09:37:00 73816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
    2015-01-27 09:37:00 34016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    2015-01-27 09:37:00 273008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
    2015-01-27 09:37:00 27133040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
    2015-01-27 09:37:00 227704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2015-01-27 09:37:00 220784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
    2015-01-27 09:37:00 150128 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
    2015-01-26 12:42:54 -------- d-----w- C:\Users\JP.AS2\AppData\Roaming\calibre
    2015-01-26 12:14:12 -------- d-----w- C:\Program Files (x86)\EPUB Converter Tool
    2015-01-16 06:25:19 -------- d-----w- C:\New folder
    2015-01-11 11:07:17 68 ----a-w- C:\on.bat
    .
    ==================== Find3M ====================
    .
    2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
    2014-11-20 16:44:40 931008 ----a-w- C:\Windows\System32\vnetlib64.dll
    2014-11-20 16:44:38 66752 ----a-w- C:\Windows\System32\drivers\vmx86.sys
    2014-11-20 16:44:38 438464 ----a-w- C:\Windows\SysWow64\vmnat.exe
    2014-11-20 16:44:38 26816 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
    2014-11-20 16:44:26 359104 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
    2014-11-20 16:44:20 81088 ----a-w- C:\Windows\System32\vmnetbridge.dll
    2014-11-20 16:44:20 49856 ----a-w- C:\Windows\System32\vnetinst.dll
    2014-11-20 16:44:20 48832 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
    2014-11-20 16:44:20 28864 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
    2014-11-20 16:44:20 27328 ----a-w- C:\Windows\System32\drivers\vmnet.sys
    2014-11-20 16:44:16 33472 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
    2014-11-18 06:04:10 55488 ----a-w- C:\Windows\System32\drivers\hcmon.sys
    2014-11-17 15:38:44 68288 ----a-w- C:\Windows\System32\vsocklib.dll
    2014-11-17 15:38:42 76480 ----a-w- C:\Windows\System32\drivers\vsock.sys
    2014-11-17 15:38:42 64192 ----a-w- C:\Windows\SysWow64\vsocklib.dll
    2014-11-17 15:38:40 85584 ----a-w- C:\Windows\System32\drivers\vmci.sys
    .
    ============= FINISH: 11:23:19.77 ===============
     
  5. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/08/2014 10:41:58
    System Uptime: 09/02/2015 11:05:42 (0 hours ago)
    .
    Motherboard: Acer | | EA50_HC_CR
    Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz | U3E1 | 2601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 199 GiB total, 6.793 GiB free.
    D: is FIXED (NTFS) - 500 GiB total, 4.001 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    Z: is NetworkDisk (NTFS) - 731 GiB total, 228.477 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: USB Video Device
    Device ID: USB\VID_1BCF&PID_2C18&MI_00\7&22116BC6&0&0000
    Manufacturer: Microsoft
    Name: HD WebCam
    PNP Device ID: USB\VID_1BCF&PID_2C18&MI_00\7&22116BC6&0&0000
    Service: usbvideo
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_14E4&DEV_16BE&SUBSYS_06471025&REV_10\4&2B026579&0&02E0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_14E4&DEV_16BE&SUBSYS_06471025&REV_10\4&2B026579&0&02E0
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_14E4&DEV_16BF&SUBSYS_06471025&REV_10\4&2B026579&0&03E0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_14E4&DEV_16BF&SUBSYS_06471025&REV_10\4&2B026579&0&03E0
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR5BWB222 Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_0034&SUBSYS_E052105B&REV_01\4&1B6B0519&0&00E1
    Manufacturer: Atheros Communications Inc.
    Name: Atheros AR5BWB222 Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_0034&SUBSYS_E052105B&REV_01\4&1B6B0519&0&00E1
    Service: athr
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_064B1025&REV_04\3&11583659&0&B0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_064B1025&REV_04\3&11583659&0&B0
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter
    .
    ==== System Restore Points ===================
    .
    RP122: 09/02/2015 10:18:46 - pre-set
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 14 Plugin
    Adobe Reader XI (11.0.07)
    ARC System 2 version 2.2.0
    ASIO4ALL
    AutoHotkey 1.0.48.05
    Broadcom NetLink Controller
    Cableguys FilterShaper 3.1.6
    CamStudio 2.7.2
    Cisco WebEx Meetings
    Convert EPUB to PDF 6.6.0
    Counter-Strike 1.0
    Crystal Reports Basic Runtime for Visual Studio 2008
    DAEMON Tools Lite
    Dropbox
    EitherMouse 0.5988
    Evolution Freedom Service
    Evolution Mobile Service
    FabFilter Volcano v2.03
    FL Studio 11
    FL Studio 11.5
    FlowStone FL 3.0
    Foxit Reader
    Hi-Rez Studios Authenticate and Update Service
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    IK Multimedia Authorization Manager version 1.0.9
    IL Download Manager
    IL Harmor
    IL Shared Libraries
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    iZotope Trash 2
    K-Lite Mega Codec Pack 10.6.0
    KORG KONTROL Editor
    Lennar Digital Sylenth VSTi v1.2.1
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 4.5
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft Application Error Reporting
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft InfoPath MUI (English) 2013
    Microsoft IntelliPoint 8.2
    Microsoft Lync MUI (English) 2013
    Microsoft Office 64-bit Components 2013
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 64-bit MUI (English) 2013
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SQL Server 2008 R2 (64-bit)
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Web Platform Installer 2.0
    Microsoft Word MUI (English) 2013
    MobileWiFi
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Native Instruments - Kore 2 Controller
    Native Instruments Kore 2
    Native Instruments Massive
    Native Instruments Service Center
    Ohm Force - Ohmicide VST
    OpenAL
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    Pastel Evolution (6.50.85)
    Pastel Evolution (6.60.84)
    Pastel Evolution (6.81.48)
    Pastel Evolution (6.81.51)
    Pastel Evolution Business Intelligence Centre
    Pastel Evolution Cash Manager
    Pastel Evolution Inventory Issue
    Pastel Evolution Mobile Sales
    Pluralinput
    Polygon version 1.0
    Quake Live
    Qualcomm Atheros WiFi Driver Installation
    Race Driver Grid
    RecoveryFix for BKF Evaluation Ver 4.02.01
    Sage Evolution (6.82.65)
    Sage Evolution (6.82.67)
    Sage Evolution (6.82.81)
    Sage Evolution (7.00.174)
    Sage Evolution (7.00.195)
    Sage Evolution (7.00.198)
    Sage Evolution (7.00.204)
    Sage Evolution (7.00.207)
    Sage Evolution Advanced Procurement
    Sage Evolution Alert Management
    Sage Evolution Debtors Manager
    Sage Evolution Delivery Management
    Sage Evolution Global Tax
    Sage Evolution Intelligence Reporting
    Sage Evolution Inventory Issue
    Sage Evolution Inventory Optimisation
    Sage Evolution Mobile Sales
    Sage Evolution Outlook Add-in
    Sage Evolution Service Manager
    Sage Evolution Voucher Management
    SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
    Schaack Audio Technologies Transient Shaper VST v2.04
    Skype™ 7.0
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    SQL Server 2008 R2 Management Studio
    Sql Server Customer Experience Improvement Program
    Steam
    Stutter Edit Expansion 1
    Stutter Edit Expansion 2
    TeamPlayer 2.2.0
    TeamSpeak 3 Client
    TeamViewer 10
    TeraCopy 2.3
    TuneUp Utilities 2014
    TuneUp Utilities 2014 (en-US)
    Virtual DJ Pro Full - Atomix Productions
    VLC media player 1.1.9
    VMware Player
    Vodafone Mobile Broadband
    Warface Launcher (Beta)
    Waves Complete V9r21
    Winamp
    WinAutomation
    Windows Small Business Server 2011 Standard ClientAgent
    Windows Small Business Server 2011 Standard WMI Provider
    WinRAR 5.00 beta 8 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/02/2015 11:08:00, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    09/02/2015 11:01:09, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    09/02/2015 08:31:50, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    09/02/2015 07:45:33, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain AS2 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    08/02/2015 17:47:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.4085.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    08/02/2015 17:41:09, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    08/02/2015 17:37:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.4085.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    08/02/2015 17:37:11, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    07/02/2015 15:15:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
    06/02/2015 16:11:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    05/02/2015 12:43:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    05/02/2015 12:43:03, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    05/02/2015 12:42:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    05/02/2015 08:26:12, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.110, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    05/02/2015 08:08:20, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  7. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    *-*-* In Descending order *-*-* RKreport_DEL_02102015_163608.log

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : JP [Administrator]
    Mode : Delete -- Date : 02/10/2015 16:36:08

    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 13 ¤¤¤
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Replaced (2)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 1 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 1 -> Replaced (1)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [FIREFX:Addon] 8uy6i9ye.default : Battlefield Play4Free [battlefieldplay4free@ea.com] -> Deleted

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
    --- User ---
    [MBR] 5425fba6f519b39071d0f4b6a4d379ca
    [BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log - RKreport_SCN_02102015_163406.log - RKreport_DEL_02102015_163521.log
    RKreport_DEL_02102015_163542.log
     
  8. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    RKreport_DEL_02102015_163542.log


    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : JP [Administrator]
    Mode : Delete -- Date : 02/10/2015 16:35:42

    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 13 ¤¤¤
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
    --- User ---
    [MBR] 5425fba6f519b39071d0f4b6a4d379ca
    [BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log - RKreport_SCN_02102015_163406.log - RKreport_DEL_02102015_163521.log
     
  9. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    RKreport_DEL_02102015_163521.log

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : JP [Administrator]
    Mode : Delete -- Date : 02/10/2015 16:35:21

    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 13 ¤¤¤
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
    --- User ---
    [MBR] 5425fba6f519b39071d0f4b6a4d379ca
    [BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log - RKreport_SCN_02102015_163406.log
     
  10. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    RKreport_SCN_02102015_163406.log

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : JP [Administrator]
    Mode : Scan -- Date : 02/10/2015 16:34:06

    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 13 ¤¤¤
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
    --- User ---
    [MBR] 5425fba6f519b39071d0f4b6a4d379ca
    [BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log
     
  11. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    MBAR log:

    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.10.08
    rootkit: v2015.02.03.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    JP :: JP-PC [administrator]

    10/02/2015 16:50:38
    mbar-log-2015-02-10 (16-50-38).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 452272
    Time elapsed: 27 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  12. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    System log:
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.594000 GHz
    Memory total: 4104499200, free: 1931661312

    Downloaded database version: v2015.02.10.08
    Downloaded database version: v2015.02.03.01
    Downloaded database version: v2014.12.06.01
    Initializing...
    ======================
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.594000 GHz
    Memory total: 4104499200, free: 2039607296

    Downloaded database version: v2015.02.10.08
    Downloaded database version: v2015.02.03.01
    Downloaded database version: v2014.12.06.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    02/10/2015 16:50:05
    ------------ Loaded modules -----------
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Windows\system32\drivers\vmnetuserif.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\ipnat.sys
    \SystemRoot\System32\drivers\rdpdr.sys
    \SystemRoot\system32\drivers\tdtcp.sys
    \SystemRoot\System32\DRIVERS\tssecsrv.sys
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\WSDScan.sys
    \SystemRoot\system32\DRIVERS\WSDPrint.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\msctf.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\user32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\ole32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\sechost.dll
    \Windows\System32\devobj.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.10.08
    rootkit: v2015.02.03.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800502c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800502cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800502c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004a06060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E865E392

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 416362496

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 416569344 Numsec = 1048576000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Still with me?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Reopened.
     
    Last edited: Mar 2, 2015
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Bumped.
     
  17. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    Thank you sir :)

    here are my logs for ComboFix:

    ComboFix 15-03-01.01 - JP 02/03/2015 17:16:20.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3914.2463 [GMT 2:00]
    Running from: c:\users\JP.AS2\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\UniDeealsa
    c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.dat
    c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.exe
    c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.tlb
    c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.x64.dll
    c:\programdata\ntuser.pol
    c:\users\JP.AS2\AppData\Local\assembly\tmp
    c:\windows\msvcr71.dll
    c:\windows\SysWow64\80509.dat
    c:\windows\SysWow64\hookdll.dll
    c:\windows\SysWow64\tmp276D.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_test
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-02 to 2015-03-02 )))))))))))))))))))))))))))))))
    .
    .
    2015-03-02 15:28 . 2015-03-02 15:28 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\JP~AS2\AppData\Local\temp
    2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\netadmin\AppData\Local\temp
    2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\JP\AppData\Local\temp
    2015-03-02 14:57 . 2015-03-02 14:57 -------- d-----w- C:\CSV
    2015-03-02 14:52 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E95EA3E-72B4-44D8-B30B-8244EC003E24}\mpengine.dll
    2015-03-02 06:07 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-25 11:42 . 2015-02-25 11:42 -------- d-----w- c:\users\JP.AS2\AppData\Local\TechSmith
    2015-02-25 11:40 . 2015-02-25 11:40 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
    2015-02-25 11:39 . 2015-02-25 11:39 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
    2015-02-25 11:38 . 2015-02-25 11:38 -------- d-----w- c:\programdata\TechSmith
    2015-02-25 11:38 . 2015-02-25 11:38 -------- d-----w- c:\program files (x86)\TechSmith
    2015-02-20 14:10 . 2015-02-20 14:10 -------- d-----w- c:\users\JP.AS2\AppData\Local\AskPartnerNetwork
    2015-02-20 14:10 . 2015-02-20 14:10 -------- d-----w- c:\programdata\AskPartnerNetwork
    2015-02-20 14:10 . 2015-02-20 14:10 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
    2015-02-20 14:09 . 2015-02-20 14:09 -------- d-----w- c:\programdata\APN
    2015-02-20 14:09 . 2015-02-20 14:09 -------- d-----w- c:\programdata\YTD Video Downloader
    2015-02-20 14:08 . 2015-02-20 14:08 -------- d-----w- c:\program files (x86)\GreenTree Applications
    2015-02-19 07:18 . 2015-02-19 07:18 -------- d-----w- c:\programdata\AMMYY
    2015-02-16 06:34 . 2015-02-16 06:34 -------- d-----w- c:\users\JP.AS2\AppData\Local\Geckofx
    2015-02-16 06:28 . 2015-02-16 06:28 -------- d-----w- c:\program files (x86)\eReflect
    2015-02-16 06:28 . 2015-02-16 06:31 -------- d-----w- c:\programdata\Ultimate Vocabulary
    2015-02-16 06:24 . 2015-02-16 06:24 -------- d-----w- c:\users\JP.AS2\AppData\Roaming\eReflect
    2015-02-14 05:10 . 2015-02-14 05:10 -------- d-----w- c:\program files\Common Files\Steinberg
    2015-02-14 05:10 . 2015-02-14 05:11 -------- d-----w- c:\program files\Sugar Bytes
    2015-02-12 11:00 . 2015-02-12 12:34 -------- d-----w- c:\users\JP.AS2\AppData\Local\Free YouTube Downloader
    2015-02-12 10:59 . 2015-02-12 10:59 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
    2015-02-12 07:54 . 2015-02-12 07:54 -------- d-----w- c:\program files (x86)\UNiDEals o
    2015-02-10 18:14 . 2015-02-10 18:14 -------- d-----w- c:\program files (x86)\MP3Diags-unstable
    2015-02-10 14:50 . 2015-02-10 15:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-09 05:59 . 2014-09-16 17:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E2D3696-18DE-4C43-A1C5-0E93521495D3}\gapaengine.dll
    2015-02-05 13:27 . 2015-03-02 06:16 -------- d-----w- c:\users\JP.AS2\AppData\Local\CrashDumps
    2015-02-05 08:37 . 2015-02-05 08:37 -------- d-----w- c:\users\JP.AS2\AppData\Roaming\FabFilter
    2015-02-05 08:23 . 2009-03-18 18:23 1597440 ----a-w- C:\FabFilter Volcano 2.dpm
    2015-02-05 08:23 . 2015-02-05 08:23 -------- d-----w- c:\program files (x86)\FabFilter
    2015-02-05 08:14 . 2015-02-05 08:14 -------- d-----w- c:\programdata\RAW
    2015-02-05 08:14 . 2015-02-05 08:14 -------- d-----w- c:\program files (x86)\Rob Papen
    2015-02-04 14:44 . 2015-02-10 14:13 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-04 14:44 . 2015-02-04 14:44 -------- d-----w- c:\programdata\RogueKiller
    2015-02-04 14:44 . 2015-02-04 14:44 -------- d-----w- C:\TDSSKiller_Quarantine
    2015-02-03 07:29 . 2015-02-03 07:31 -------- d-----w- C:\AdwCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-03-02 13:57 . 2015-01-28 12:54 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-16 08:59 . 2014-08-04 17:53 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-16 08:59 . 2014-08-04 17:53 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-11 06:36 . 2015-02-11 06:38 14804709 ----a-w- C:\StiegelMeyer_110214.zip
    2015-02-10 14:49 . 2015-01-28 12:54 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-11 11:08 . 2015-01-11 11:07 68 ----a-w- C:\on.bat
    2015-01-08 15:36 . 2015-01-09 06:02 150080131 ----a-w- C:\3streams smokehouse.zip
    2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-01 18:33 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-01 18:33 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-01 18:33 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mobile Partner"="c:\program files (x86)\MobileWiFi\MobileWiFi" [X]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    "uTorrent"="c:\users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe" [2014-12-01 1385808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2015-02-04 1980824]
    "KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2014-01-15 394096]
    .
    c:\users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Send to OneNote.lnk - c:\program files (x86)\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2012-10-1 158344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi2"=KORGUM64.DRV
    "midi3"=KORGUM64.DRV
    "midi4"=KORGUM64.DRV
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 SQLAgent$SQLEXPRESS2008R2;SQL Server Agent (SQLEXPRESS2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [x]
    R2 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 pikbd;Pluralinput Keyboard 0.8.6;c:\windows\system32\DRIVERS\pikbd.sys;c:\windows\SYSNATIVE\DRIVERS\pikbd.sys [x]
    R3 pimou;Pluralinput Mouse 0.8.6;c:\windows\system32\DRIVERS\pimou.sys;c:\windows\SYSNATIVE\DRIVERS\pimou.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 Evolution Mobile Service;Evolution Mobile Service;c:\program files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe;c:\program files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
    R4 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
    S2 Evolution Freedom Service;Evolution Freedom Service;c:\program files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe;c:\program files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe [x]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
    S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MSSQL$SQLEXPRESS2008R2;SQL Server (SQLEXPRESS2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-01 18:47 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-01 18:47 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-01 18:47 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi2"=KORGUM64.DRV
    "midi3"=KORGUM64.DRV
    "midi4"=KORGUM64.DRV
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.10
    TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}: DhcpNameServer = 192.168.0.10
    TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\459676562775966696: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\54368616C61627026496378696E676: DhcpNameServer = 10.0.0.2
    TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\64275646469656: DhcpNameServer = 10.0.0.2
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73} - c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.dll
    BHO-{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73} - c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.x64.dll
    AddRemove-Native Instruments - Kore 2 Controller - c:\program files (x86)\Native Instruments\Kore 2 Controller\uninst.exe Software\Native Instruments\Kore 2 Controller\Setup
    AddRemove-{11F6D5AB-263F-388E-74DE-E3DECD390E3F} - c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
    c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    .
    **************************************************************************
    .
    Completion time: 2015-03-02 17:32:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-03-02 15:32
    .
    Pre-Run: 7,484,006,400 bytes free
    Post-Run: 5,047,242,752 bytes free
    .
    - - End Of File - - 9CA0826F8F8D70802BE951CB0C5FF499
    A36C5E4F47E84449FF07ED3517B43A31
     
  18. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please move ComboFix to the proper location (Desktop).

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  19. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    Here is AdwCleaner log:

    # AdwCleaner v4.111 - Logfile created 04/03/2015 at 08:21:41
    # Updated 18/02/2015 by Xplode
    # Database : 2015-03-02.3 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : JP - JP-PC
    # Running from : C:\Users\JP.AS2\Downloads\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : APNMCP

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\AskPartnerNetwork
    Folder Deleted : C:\ProgramData\ytd video downloader
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
    Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    Folder Deleted : C:\Program Files (x86)\DriverToolkit
    Folder Deleted : C:\Program Files (x86)\UNiDEals o

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\JP.AS2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk

    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Key Deleted : HKLM\SOFTWARE\Classes\P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_.P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_
    Key Deleted : HKLM\SOFTWARE\Classes\P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_.P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_.9
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
    Key Deleted : HKCU\Software\AskPartnerNetwork
    Key Deleted : HKCU\Software\DriverToolkit
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\Description
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.7601.17514


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [2722 bytes] - [03/02/2015 09:29:25]
    AdwCleaner[R1].txt - [2775 bytes] - [04/03/2015 08:19:37]
    AdwCleaner[S0].txt - [2790 bytes] - [03/02/2015 09:31:32]
    AdwCleaner[S1].txt - [2759 bytes] - [04/03/2015 08:21:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2818 bytes] ##########
     
  20. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Windows 7 Professional x64
    Ran by JP on 04/03/2015 at 8:34:52.69
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ammyy"
    Failed to delete: [Folder] "C:\Users\JP.AS2\AppData\Roaming\moters"
    Successfully deleted: [Folder] "C:\Users\JP.AS2\appdata\local\free youtube downloader"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\JP.AS2\AppData\Roaming\mozilla\firefox\profiles\8uy6i9ye.default\searchplugins\ask-search.xml
    Successfully deleted the following from C:\Users\JP.AS2\AppData\Roaming\mozilla\firefox\profiles\8uy6i9ye.default\prefs.js

    user_pref("extensions.xpiState", "{\"app-profile\":{\"toolbar_SGT1-SP@apn.ask.com\":{\"d\":\"C:\\\\Users\\\\JP.AS2\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\8
    Emptied folder: C:\Users\JP.AS2\AppData\Roaming\mozilla\firefox\profiles\8uy6i9ye.default\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 04/03/2015 at 8:37:01.77
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  21. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    ***Part1***

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
    Ran by JP (administrator) on JP-PC on 04-03-2015 08:48:29
    Running from C:\Users\JP.AS2\Downloads
    Loaded Profiles: JP (Available profiles: Netadmin & JP & JP)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Sage Pastel) C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (KORG Inc.) C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Softomotive) C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
    (Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Farbar) C:\Users\JP.AS2\Downloads\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394096 2014-01-16] (KORG Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Run: [uTorrent] => C:\Users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-12-01] (BitTorrent Inc.)
    Startup: C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.10

    FireFox:
    ========
    FF ProfilePath: C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/wpi,version=1.0 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/wpi,version=1.1 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\JP.AS2\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Search App by Ask - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\toolbar_SGT1-SP@apn.ask.com.xpi [2015-02-06]
    FF Extension: Download Status Bar - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-27]
    FF Extension: SoundCloud Downloader - Technowise - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-02-27]
    FF Extension: Adblock Plus - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-04]
    FF Extension: DownThemAll! - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-29]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Evolution Freedom Service; C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe [338432 2014-06-27] (Sage Pastel) [File not signed]
    S4 Evolution Mobile Service; C:\Program Files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe [269824 2014-05-20] () [File not signed]
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-04-10] ()
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-08-04] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R2 MSSQL$SQLEXPRESS2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    S2 SQLAgent$SQLEXPRESS2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-29] (TuneUp Software)
    S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-10-15] (Vodafone) [File not signed]
    R2 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe [166912 2011-01-27] (Softomotive) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-19] (Disc Soft Ltd)
    S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2014-01-16] (KORG INC.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [22880 2013-11-30] (Christian Gulden)
    S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [22880 2013-11-30] (Christian Gulden)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  22. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    ***Part2***



    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 08:44 - 2015-03-04 08:48 - 00013528 _____ () C:\Users\JP.AS2\Downloads\FRST.txt
    2015-03-04 08:44 - 2015-03-04 08:44 - 00033188 _____ () C:\Users\JP.AS2\Downloads\Addition.txt
    2015-03-04 08:43 - 2015-03-04 08:48 - 00000000 ____D () C:\FRST
    2015-03-04 08:37 - 2015-03-04 08:37 - 00001485 _____ () C:\Users\JP.AS2\Desktop\JRT.txt
    2015-03-04 08:16 - 2015-03-04 08:16 - 02092544 _____ (Farbar) C:\Users\JP.AS2\Downloads\FRST64(1).exe
    2015-03-04 08:15 - 2015-03-04 08:16 - 02126848 _____ () C:\Users\JP.AS2\Downloads\adwcleaner_4.111.exe
    2015-03-04 08:15 - 2015-03-04 08:15 - 01388333 _____ (Thisisu) C:\Users\JP.AS2\Downloads\JRT(1).exe
    2015-03-03 17:45 - 2015-03-03 17:45 - 00010037 _____ () C:\Users\JP.AS2\Desktop\Three Streams Timesheet - 03-03-2015.xlsx
    2015-03-03 17:29 - 2015-03-03 17:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Datsik - Release Me (Remixes)
    2015-03-03 14:20 - 2015-03-03 14:20 - 00033712 _____ () C:\Users\JP.AS2\Downloads\Glitch 2013 Psy Bass1.FXP
    2015-03-03 14:19 - 2015-03-03 14:19 - 00089134 _____ () C:\Users\JP.AS2\Downloads\Drishti Trancegates.fxb
    2015-03-03 14:18 - 2015-03-03 14:18 - 00193236 _____ () C:\Users\JP.AS2\Downloads\Bass.fxp
    2015-03-03 14:18 - 2015-03-03 14:18 - 00093282 _____ () C:\Users\JP.AS2\Downloads\squelch 2.flp
    2015-03-03 14:18 - 2015-03-03 14:18 - 00055550 _____ () C:\Users\JP.AS2\Downloads\squelch.flp
    2015-03-03 13:52 - 2015-03-03 13:52 - 00516276 _____ () C:\Users\JP.AS2\Downloads\The Psy Producers Forum Beginners Bank V3 (Sylenth 26_01_15)(1).fxb
    2015-03-03 13:10 - 2015-03-03 13:10 - 00052149 _____ () C:\Users\JP.AS2\Downloads\Salmon.zip
    2015-03-03 11:08 - 2015-03-03 11:08 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Smokehouse
    2015-03-03 11:07 - 2015-03-03 11:07 - 00123216 _____ () C:\Users\JP.AS2\Downloads\Smokehouse.zip
    2015-03-03 09:58 - 2015-03-03 09:58 - 00803118 _____ () C:\Users\JP.AS2\Downloads\15 likes! FLP.zip
    2015-03-02 17:32 - 2015-03-02 17:32 - 00025636 _____ () C:\ComboFix.txt
    2015-03-02 17:14 - 2015-03-02 17:32 - 00000000 ____D () C:\Qoobox
    2015-03-02 17:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-03-02 17:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-03-02 17:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-03-02 17:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-03-02 17:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-03-02 17:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-03-02 17:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-03-02 17:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-03-02 17:13 - 2015-03-02 17:31 - 00000000 ____D () C:\Windows\erdnt
    2015-03-02 16:57 - 2015-03-02 16:57 - 00000000 ____D () C:\CSV
    2015-03-02 16:02 - 2015-03-02 16:02 - 100393835 _____ () C:\Users\JP.AS2\Documents\KILLER WORKOUT MOTIVATION (HD) 720P.mp4
    2015-03-02 15:53 - 2015-03-02 15:53 - 101778699 _____ () C:\Users\JP.AS2\Documents\BEST MOTIVATION TO WORKOUT !!!.mp4
    2015-03-02 15:49 - 2015-03-02 15:50 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\JP.AS2\Downloads\rkill.exe
    2015-03-02 15:47 - 2015-03-02 15:49 - 05612482 ____R (Swearware) C:\Users\JP.AS2\Desktop\ComboFix.exe
    2015-03-02 15:38 - 2015-03-02 15:38 - 49340832 _____ () C:\Users\JP.AS2\Documents\Astounding Workout ART (HD).mp4
    2015-03-02 15:37 - 2015-03-02 15:37 - 48427688 _____ () C:\Users\JP.AS2\Documents\Pure Motivation!.mp4
    2015-02-28 16:37 - 2015-03-02 17:06 - 00000499 _____ () C:\Users\JP.AS2\Desktop\blo.txt
    2015-02-27 17:27 - 2015-02-27 17:27 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Dirtyphonics - Write Your Future EP (2015)
    2015-02-27 15:16 - 2015-02-27 15:17 - 04812800 _____ () C:\Users\JP.AS2\Downloads\Workgroup
    2015-02-27 10:39 - 2015-02-27 10:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Jack Ü – Take Ü There (Remixes)
    2015-02-27 10:13 - 2015-02-27 10:13 - 29668214 _____ () C:\Users\JP.AS2\Downloads\2015-02 pack.rar
    2015-02-27 10:12 - 2015-02-27 10:12 - 00091643 _____ () C:\Users\JP.AS2\Downloads\2015-02+pack.rar.html
    2015-02-27 09:27 - 2015-02-27 09:27 - 00000064 _____ () C:\Users\JP.AS2\Desktop\cc.txt
    2015-02-27 09:11 - 2015-02-27 09:12 - 18105857 ____R () C:\Users\JP.AS2\Downloads\Guitar Rig 4 Presets.rar
    2015-02-27 09:07 - 2015-02-27 13:49 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Bong – Drop Your Head (2014) [UPA007] [GLITCH HOP, D&B, DUBSTEP] [EDM RG]
    2015-02-27 09:07 - 2015-02-27 09:08 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Bong – Savage (2014) [SBHM035]
    2015-02-27 09:00 - 2015-02-27 09:00 - 00008373 _____ () C:\Users\JP.AS2\Desktop\freesoundclouddownloader.zip
    2015-02-27 08:55 - 2015-02-27 08:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Vikings.S03E02.HDTV.x264-KILLERS[ettv]
    2015-02-27 08:39 - 2014-08-09 06:32 - 00398335 _____ () C:\Users\JP.AS2\Downloads\DJMFilterPC.zip
    2015-02-27 08:39 - 2013-11-25 00:55 - 00412366 _____ () C:\Users\JP.AS2\Downloads\DimExpVSTPC.zip
    2015-02-27 08:39 - 2011-09-01 18:38 - 00563873 _____ () C:\Users\JP.AS2\Downloads\OP1DrumUtilityPC_101.zip
    2015-02-27 08:39 - 2011-08-30 03:15 - 00327116 _____ () C:\Users\JP.AS2\Downloads\MIDIShiftArrayVSTPC.zip
    2015-02-27 08:38 - 2015-01-26 01:02 - 01052960 _____ () C:\Users\JP.AS2\Downloads\Install_Xfer_OTT.exe
    2015-02-27 08:38 - 2013-11-24 11:49 - 00374755 _____ () C:\Users\JP.AS2\Downloads\DeltaModulatorPC.zip
    2015-02-26 17:08 - 2015-02-26 17:11 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Datsik-Down_For_My_Ninjas_EP--WEB-2014
    2015-02-26 16:33 - 2015-03-03 17:32 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS.Nutty.T.Z3ta.Hardstyle.SoundBank-AMPLiFY
    2015-02-26 16:32 - 2015-02-26 16:33 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Vandalism - Kick Me (WAV)
    2015-02-26 16:30 - 2015-02-26 16:30 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS Heavy Bass NI Massive Soundset
    2015-02-26 16:29 - 2015-02-26 16:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Vandalism.Just.Before.The.Drop
    2015-02-26 16:28 - 2015-02-26 16:28 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS NI Massive Electro Soundset
    2015-02-26 16:10 - 2015-02-26 16:10 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DanceMidiSamples Darwins Piano Sessions Vol.1 & Vol.2
    2015-02-26 16:08 - 2015-02-26 16:08 - 00022226 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4636402.torrent
    2015-02-26 16:08 - 2015-02-26 16:08 - 00020398 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4782641.torrent
    2015-02-26 16:06 - 2015-02-26 16:06 - 00018719 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4513555.torrent
    2015-02-26 16:06 - 2015-02-26 16:06 - 00015703 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4679021.torrent
    2015-02-26 16:04 - 2015-02-26 16:11 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Mechanimal Psytrance Samples Vol 1
    2015-02-26 16:03 - 2015-02-26 16:03 - 00035691 _____ () C:\Users\JP.AS2\Downloads\uc.htm
    2015-02-26 16:00 - 2015-02-26 16:00 - 00027209 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3745574.torrent
    2015-02-26 15:59 - 2015-02-26 15:59 - 00054495 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t2620943.torrent
    2015-02-26 15:59 - 2015-02-26 15:59 - 00004705 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3439909.torrent
    2015-02-26 15:59 - 2015-02-26 15:59 - 00003070 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3738934.torrent
    2015-02-26 15:59 - 2015-02-26 15:59 - 00000504 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3684345.torrent
    2015-02-26 15:58 - 2015-02-26 16:08 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DanceMidiSamples.Beetz.n.Bobz.Insanity.FX.WAV-ASSiGN
    2015-02-26 15:58 - 2015-02-26 16:06 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS Hardstyle Manipulation Vol 1
    2015-02-26 15:58 - 2015-02-26 16:03 - 00000000 ____D () C:\Users\JP.AS2\Downloads\NuBorn.PsyTrance
    2015-02-26 15:58 - 2015-02-26 15:58 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS Mashed-Up Dance Vocals
    2015-02-26 15:57 - 2015-02-26 15:57 - 00102397 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t2425592.torrent
    2015-02-26 15:57 - 2015-02-26 15:57 - 00063551 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3629952.torrent
    2015-02-26 15:57 - 2015-02-26 15:57 - 00034161 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t2473423.torrent
    2015-02-26 15:57 - 2015-02-26 15:57 - 00021877 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3465985.torrent
    2015-02-26 15:57 - 2015-02-26 15:57 - 00019118 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4692908.torrent
    2015-02-26 15:57 - 2015-02-26 15:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS - Trance Bundle MIDI
    2015-02-26 15:56 - 2015-02-26 15:56 - 00035856 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3757386.torrent
    2015-02-26 15:56 - 2015-02-26 15:56 - 00034783 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3760099.torrent
    2015-02-26 15:56 - 2015-02-26 15:56 - 00033978 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3409779(1).torrent
    2015-02-26 15:55 - 2015-02-26 16:13 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Dms - Mechanimal Psytrance Samples Vol.2
    2015-02-26 15:55 - 2015-02-26 15:55 - 00033978 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3409779.torrent
    2015-02-26 15:37 - 2015-02-26 15:37 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soundcloud Playlist Downloader
    2015-02-26 15:31 - 2014-11-21 22:50 - 19195346 _____ () C:\Users\JP.AS2\Downloads\Invective MW EvilEpic.wav
    2015-02-26 14:10 - 2014-12-26 09:04 - 183908813 _____ () C:\Users\JP.AS2\Downloads\ums18.PlugInGuru.MegaWav.Combo.rar
    2015-02-26 13:35 - 2015-02-26 14:05 - 62209288 _____ () C:\Users\JP.AS2\Downloads\ums18.PlugInGuru.MegaWav.Combo.rar.part
    2015-02-26 11:49 - 2015-02-26 11:49 - 117501954 _____ () C:\Users\JP.AS2\Documents\Making Of _The Prodigy's Firestarter_ by Jim Pavloff in Ableton Live.mp4
    2015-02-26 11:47 - 2015-02-26 11:47 - 56788480 _____ () C:\Users\JP.AS2\Documents\Making of _The Prodigy - Voodoo People_ in Ableton by Jim Pavloff.mp4
    2015-02-26 11:46 - 2015-02-26 11:46 - 42389456 _____ () C:\Users\JP.AS2\Documents\Making of _The Prodigy - Smack My ***** Up_ in Ableton by Jim Pavloff.mp4
    2015-02-26 09:59 - 2015-02-26 10:00 - 00078042 _____ () C:\Users\JP.AS2\Desktop\Job Quotation MCM_pre.rtm
    2015-02-25 16:03 - 2015-02-25 16:04 - 00070126 _____ () C:\Users\JP.AS2\Desktop\Job card.rtm
    2015-02-25 15:19 - 2015-02-25 15:19 - 00030740 _____ () C:\Users\JP.AS2\Downloads\[limetorrents.cc]Datzme.–.Nihilism.EP..2014..[HAR291].[ELECTRO.HOUSE..DUBST.torrent
    2015-02-25 15:15 - 2015-02-25 15:16 - 39921532 _____ () C:\Users\JP.AS2\Downloads\Against Humanity - Saqqarah Remix Stems.zip
    2015-02-25 14:52 - 2015-02-25 14:52 - 143385882 _____ () C:\Users\JP.AS2\Documents\POWER_RANGERS.mp4
    2015-02-25 13:43 - 2015-02-25 13:43 - 00003788 _____ () C:\Windows\System32\Tasks\TechSmith Updater
    2015-02-25 13:42 - 2015-02-25 13:42 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\TechSmith
    2015-02-25 13:41 - 2015-02-25 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
    2015-02-25 13:38 - 2015-02-25 13:38 - 00000000 ____D () C:\ProgramData\TechSmith
    2015-02-25 13:38 - 2015-02-25 13:38 - 00000000 ____D () C:\Program Files (x86)\TechSmith
    2015-02-25 13:23 - 2015-02-25 13:25 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Techsmith Snagit v12.2.2 Build 2107 Final Eng_Rus
    2015-02-25 13:22 - 2015-02-25 13:22 - 00013652 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4920863.torrent
    2015-02-25 10:19 - 2015-02-25 10:21 - 00000000 ____D () C:\Users\JP.AS2\Downloads\English Pronunciation Books and Audio books Collection - Mantesh
    2015-02-25 09:01 - 2015-02-26 15:43 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Ableton Live 9 Suite 9.1.3 (Win 64 bit) (patch - io) [ChingLiu]
    2015-02-25 08:40 - 2015-02-25 08:40 - 176078321 _____ () C:\Users\JP.AS2\Documents\Dragon Ball Z_ Light of Hope - Pilot.mp4
    2015-02-24 20:06 - 2015-02-24 20:06 - 00000749 _____ () C:\Users\JP.AS2\Desktop\gdsfsdfsdsfdfsdfsd.txt
    2015-02-24 16:05 - 2015-02-24 16:06 - 08371384 _____ (Digital Metaphors ) C:\Users\JP.AS2\Downloads\LearnRAP.exe
    2015-02-24 15:58 - 2015-02-24 15:58 - 76367905 _____ () C:\Users\JP.AS2\Documents\MOD Vienna 2015 Beyond the future by Monster Energy Highlights.mp4
    2015-02-24 14:18 - 2015-02-24 14:18 - 00019365 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4666193.torrent
    2015-02-24 13:10 - 2015-02-24 13:10 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2015-02-24 13:10 - 2015-02-24 13:10 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2015-02-24 13:10 - 2015-02-24 13:10 - 00000000 ____D () C:\Users\JP.AS2\Downloads\TeamViewer Premium v10.0.39052 Multilanguage + Crack {B@tman}
    2015-02-24 13:10 - 2015-02-24 13:10 - 00000000 ____D () C:\Users\JP.AS2\Downloads\TeamViewer 9.0.26297 Incl Premium + Enterprise Activator [KaranPC]
    2015-02-24 12:37 - 2015-02-24 12:37 - 49294916 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #22 part 2.mp4
    2015-02-24 12:36 - 2015-02-24 12:36 - 48702889 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #22 part 1.mp4
    2015-02-24 12:36 - 2015-02-24 12:36 - 23179175 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #23.mp4
    2015-02-24 12:35 - 2015-02-24 12:35 - 46105281 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #21.mp4
    2015-02-24 12:35 - 2015-02-24 12:35 - 44299220 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #20.mp4
    2015-02-24 12:33 - 2015-02-24 12:33 - 65378678 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #18.mp4
    2015-02-24 12:33 - 2015-02-24 12:33 - 34015506 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #19.mp4
    2015-02-24 12:32 - 2015-02-24 12:32 - 50775558 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #17.mp4
    2015-02-24 12:30 - 2015-02-24 12:30 - 24050961 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #16.mp4
    2015-02-24 12:30 - 2015-02-24 12:30 - 14442239 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #15.mp4
    2015-02-24 12:29 - 2015-02-24 12:29 - 21898007 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #13.mp4
    2015-02-24 12:29 - 2015-02-24 12:29 - 21701879 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #12.mp4
    2015-02-24 12:29 - 2015-02-24 12:29 - 15479625 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #14.mp4
    2015-02-24 12:28 - 2015-02-24 12:28 - 28492201 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #10.mp4
    2015-02-24 12:28 - 2015-02-24 12:28 - 15191264 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #11.mp4
    2015-02-24 12:27 - 2015-02-24 12:27 - 38871793 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis- Maschine & MPC Lessons #5a.mp4
    2015-02-24 12:27 - 2015-02-24 12:27 - 32221247 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #9.mp4
    2015-02-24 12:27 - 2015-02-24 12:27 - 28038055 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #8.mp4
    2015-02-24 12:25 - 2015-02-24 12:25 - 17962295 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #6.mp4
    2015-02-24 12:25 - 2015-02-24 12:25 - 17673622 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #5.mp4
    2015-02-24 12:24 - 2015-02-24 12:24 - 25348204 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons.mp4
    2015-02-24 12:24 - 2015-02-24 12:24 - 22212717 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #3.mp4
    2015-02-24 12:24 - 2015-02-24 12:24 - 13679905 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #2.mp4
    2015-02-24 12:24 - 2015-02-24 12:24 - 08672268 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #4.mp4
    2015-02-24 12:22 - 2015-02-24 12:22 - 14436998 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 5 - Cascara Variations.mp4
    2015-02-24 12:22 - 2015-02-24 12:22 - 13099695 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 7 - Bell and Beats 2.mp4
    2015-02-24 12:22 - 2015-02-24 12:22 - 10066514 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 8 - Bell and Beats 3.mp4
    2015-02-24 12:21 - 2015-02-24 12:21 - 10217825 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents - MPC_MPD Lessons 2 - Son Clave.mp4
    2015-02-24 12:21 - 2015-02-24 12:21 - 09535202 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents_ MPC_MPD Lessons 1- 6_8 Clave.mp4
    2015-02-24 12:21 - 2015-02-24 12:21 - 07444259 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents - MPC_MPD Lessons 3 - Cascara_Palito.mp4
    2015-02-24 12:21 - 2015-02-24 12:21 - 07406266 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents_ MPC_MPD Lessons 4 - Tumbao.mp4
    2015-02-24 12:21 - 2015-02-24 12:21 - 05117022 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 6 - Bell and Beats 1.mp4
    2015-02-24 12:20 - 2015-02-24 12:20 - 06165068 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 4.mp4
    2015-02-24 12:20 - 2015-02-24 12:20 - 03515846 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 3.mp4
    2015-02-24 12:19 - 2015-02-24 12:19 - 05315872 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 6 - Paradiddles.mp4
    2015-02-24 12:19 - 2015-02-24 12:19 - 04584075 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 8 - Triple Paradiddles.mp4
    2015-02-24 12:19 - 2015-02-24 12:19 - 04397409 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 7 - Double Paradiddles.mp4
    2015-02-24 12:19 - 2015-02-24 12:19 - 03955972 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 2.mp4
    2015-02-24 12:18 - 2015-02-24 12:18 - 03463493 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 1.mp4
    2015-02-23 19:56 - 2015-02-23 19:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\usbdeview-x64
    2015-02-23 19:56 - 2015-02-23 19:56 - 00108171 _____ () C:\Users\JP.AS2\Downloads\usbdeview-x64.zip
    2015-02-23 19:56 - 2014-11-17 13:51 - 00169568 _____ (NirSoft) C:\Users\JP.AS2\Downloads\USBDeview.exe
    2015-02-23 19:56 - 2014-11-17 13:51 - 00022536 _____ () C:\Users\JP.AS2\Downloads\USBDeview.chm
    2015-02-23 19:40 - 2015-02-23 19:40 - 02660137 _____ () C:\Users\JP.AS2\Desktop\PadKONTROLPreload_Scenes_633659301117640000.zip
    2015-02-23 19:21 - 2015-02-23 19:21 - 08808479 _____ () C:\Users\JP.AS2\Downloads\PadKONTROL_Editor_Librarian_PC_633659297069650000.ZIP
    2015-02-23 19:06 - 2015-01-28 23:24 - 00000000 ____D () C:\Users\JP.AS2\Downloads\__MACOSX
    2015-02-23 19:06 - 2014-02-13 08:51 - 02771128 _____ (Korg Inc. ) C:\Users\JP.AS2\Downloads\DrvTools_e(1.14_r12).exe
    2015-02-23 18:29 - 2015-02-23 18:29 - 02272319 _____ () C:\Users\JP.AS2\Downloads\USA_DrvTools_e(1.14_r12).zip
    2015-02-23 17:13 - 2007-07-02 12:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Pastor Troy - Tool Muziq (2007) - Rap [www.torrentazos.com]
    2015-02-23 15:35 - 2015-02-23 15:35 - 00000000 ____D () C:\Users\JP.AS2\Downloads\1.0.0.34
    2015-02-23 15:34 - 2015-02-23 15:34 - 03493672 _____ () C:\Users\JP.AS2\Downloads\1.0.0.34.zip
    2015-02-23 13:52 - 2015-02-23 13:52 - 00070351 _____ () C:\Users\JP.AS2\Desktop\Job Quotation export.rtm
    2015-02-23 12:35 - 2015-02-23 12:35 - 00078880 _____ () C:\Users\JP.AS2\Desktop\Job Invoice_2.rtm
    2015-02-20 16:10 - 2015-02-20 16:10 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\AskPartnerNetwork
    2015-02-20 15:16 - 2015-02-20 16:07 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Heavyocity.Evolve.VSTi.DXi.RTAS.HYBRID.DVDR.D2-AiRISO
    2015-02-20 14:19 - 2015-02-20 15:04 - 140255386 _____ () C:\Users\JP.AS2\Downloads\14.NeuroVision.Vol.2.rar
    2015-02-20 13:43 - 2015-02-20 13:43 - 00000055 _____ () C:\Users\JP.AS2\Desktop\pltest.csv
    2015-02-20 13:23 - 2015-02-20 13:23 - 00030048 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4039095.torrent
    2015-02-20 13:23 - 2015-02-20 13:23 - 00030048 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4039095(2).torrent
    2015-02-20 13:23 - 2015-02-20 13:23 - 00030048 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4039095(1).torrent
    2015-02-20 13:19 - 2015-02-20 13:19 - 00006245 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4022388.torrent
    2015-02-20 12:03 - 2015-02-20 12:21 - 110314125 _____ () C:\Users\JP.AS2\Downloads\14.NeuroVision.Vol.3.rar
    2015-02-20 11:23 - 2015-02-20 11:23 - 00029623 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4865984.torrent
    2015-02-20 11:23 - 2015-02-20 11:23 - 00017753 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4914065.torrent
    2015-02-20 11:23 - 2015-02-20 11:23 - 00017718 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4875882.torrent
    2015-02-20 11:23 - 2015-02-20 11:23 - 00009511 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4867100.torrent
    2015-02-20 11:21 - 2015-02-20 11:21 - 00014165 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3608227.torrent
    2015-02-20 11:21 - 2015-02-20 11:21 - 00005069 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3957668.torrent
    2015-02-20 11:21 - 2015-02-20 11:21 - 00003557 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4522025.torrent
    2015-02-20 11:20 - 2015-02-20 11:20 - 00034308 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4677771.torrent
    2015-02-20 11:20 - 2015-02-20 11:20 - 00003624 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3720058.torrent
    2015-02-20 11:17 - 2015-02-20 11:17 - 00010600 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3725710.torrent
    2015-02-20 11:17 - 2015-02-20 11:17 - 00004368 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3960230.torrent
    2015-02-20 10:49 - 2015-02-20 10:55 - 19709187 _____ () C:\Users\JP.AS2\Downloads\KICK101WiN.rar
    2015-02-19 10:51 - 2015-02-19 10:52 - 00000000 ____D () C:\Users\JP.AS2\AppData\OICE_15_974FA576_32C1D314_1F2A
    2015-02-19 08:52 - 2015-02-19 08:52 - 00000519 _____ () C:\Users\JP.AS2\Desktop\18-02-2015.txt
    2015-02-18 10:36 - 2015-02-18 10:36 - 00020920 _____ () C:\Users\JP.AS2\Downloads\eReflect_207_20Speed_20Reading_202014_20_28Windows_2BMac_29_20_2B_20eReflect_20Confidence_20In_20Context-aMYOvE.torrent
    2015-02-18 10:36 - 2015-02-18 10:36 - 00020920 _____ () C:\Users\JP.AS2\Downloads\eReflect_207_20Speed_20Reading_202014_20_28Windows_2BMac_29_20_2B_20eReflect_20Confidence_20In_20Context-aMYOvE(1).torrent
    2015-02-18 10:32 - 2015-02-18 10:33 - 00000000 ____D () C:\Users\JP.AS2\Downloads\U.S. Army Reconnaissance and Surveillance Handbook
    2015-02-17 18:05 - 2015-02-17 18:09 - 73882971 ____R () C:\Users\JP.AS2\Downloads\Pastor Troy - Tool Muziq (2007) - Rap [www.torrentazos.com].rar
    2015-02-17 17:42 - 2015-02-17 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Jason Ferruggia - Renegade Diet
    2015-02-17 17:42 - 2015-02-17 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Create the Style You Crave on a Budget You Can Afford The Sweet Spot Guide to Home Decor - Desha Peacock
    2015-02-17 17:39 - 2015-02-17 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Decision Making For Dummies -Dawna Jones + Decision Making Techniques and Applications - Mantesh
    2015-02-17 17:39 - 2015-02-17 17:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Style for Men - The Fundamentals of Style - An Illustrated Guide to Dressing Well + Being the Best Man For Dummies - Mantesh
    2015-02-17 17:39 - 2015-02-17 17:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\David Wygant (America's Dating Agent) - No Excuses & SelfLove - Mantesh
    2015-02-17 17:38 - 2015-02-17 17:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Susie Dent - How To Talk Like a Local A Complete Guide to English Dialects - Mantesh
    2015-02-17 17:37 - 2015-02-17 17:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Steve Kaplan - Be the Elephant - Build a Bigger, Better Business - How to Win and Keep Big Customers - Mantesh
    2015-02-17 17:35 - 2015-02-17 17:35 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The New Rules of Lifting Supercharged Ten All-New Muscle-Building Programs for Men and Women - Lou Schuler, Alwyn Cosgrove - Mantesh
    2015-02-17 17:34 - 2015-02-17 17:36 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The Joy of Home Distilling The Ultimate Guide to Making Your Own Vodka, Whiskey, Rum, Brandy, Moonshine, and More - Mantesh
    2015-02-17 17:33 - 2015-02-17 17:35 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Yoga Basics for Men - An Intro to Man Flow Yoga - Dean Pohlman, Pam Apostolou - Mantesh
    2015-02-17 17:33 - 2015-02-17 17:34 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Improving Your Memory How to Remember What You're Starting to Forget - Janet Fogler, Lynn Stern - Mantesh
    2015-02-17 17:29 - 2015-02-17 17:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\High-Intensity 300 - Intense Workouts Including 40 of thr Toughest Test for the Ultimate Challenge - Dan Trink - Mantesh
    2015-02-17 17:29 - 2015-02-17 17:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Writing With Power Techniques for Mastering the Writing Process
    2015-02-17 17:29 - 2015-02-17 17:29 - 00000000 ____D () C:\Users\JP.AS2\Downloads\How to Study - Ron Fry - Mantesh
    2015-02-17 17:28 - 2015-02-17 17:33 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Kama Sutra - A Modern Guide to the Ancient Art of Sex - Nitya Lacroix
    2015-02-17 17:28 - 2015-02-17 17:28 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Now I Know More The Revealing Stories Behind Even More of the World's Most Interesting Facts - Dan Lewis - Mantesh
    2015-02-17 17:27 - 2015-02-17 17:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\1,000 Inventions and Discoveries - Roger Bridgman - Mantesh
    2015-02-17 17:27 - 2015-02-17 17:28 - 00000000 ____D () C:\Users\JP.AS2\Downloads\But I Didn't Mean That! - How to Avoid Misunderstandings And Hurt Feelings in Everyday Life - Richard Heyman EdD, June Paris, Rachel Small - Mantesh
    2015-02-17 17:27 - 2015-02-17 17:27 - 00000000 ____D () C:\Users\JP.AS2\Downloads\How to Build a Fire And Other Handy Things Your Grandfather Knew - Erin Bried - Mantesh
    2015-02-17 17:22 - 2015-02-17 17:26 - 00000000 ____D () C:\Users\JP.AS2\Downloads\*****'s Guides As Easy As It Gets ! - People Skills - Casey Hawley - Mantesh
    2015-02-17 17:22 - 2015-02-17 17:25 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Complete Guide to Dumbbell Training + Diamond-Cut Abs - Danny Kavadlo, Josh Bryant, Fred C. Hatfield - Mantesh
    2015-02-17 17:20 - 2015-02-17 17:26 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Oxford Word Skills Basic,Intermediate,Advanced - Learn and Practise English Vocabulary + Supplementary Skills Reading - Mantesh
    2015-02-17 17:20 - 2015-02-17 17:22 - 00000000 ____D () C:\Users\JP.AS2\Downloads\21 Ways To Meet And Marry The Woman Of Your Dreams -Mantesh
    2015-02-17 17:17 - 2015-02-17 17:21 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Men's Health Push, Pull, Swing - The Fat-Torching, Muscle-Building Dumbbell, Kettlebell & Sandbag Program - Myatt Murphy - Mantesh
    2015-02-17 17:16 - 2015-02-17 17:27 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Target Vocabulary Books 1,2, 3 - Peter Watcyn-Jones - Mantesh
    2015-02-17 17:15 - 2015-02-17 17:17 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Speed Mathematics - Secret Skills for Quick Mental Calculation ,Math for Life Crucial Ideas,Achieve Their Full Potential ,Speed Mathematics Simplified - Bill Handley - Mantesh
    2015-02-17 17:14 - 2015-02-17 17:17 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Chi Kung - Warm Up Exercises,Health and Martial Arts,Healing Practices,Sexual Vigor,Healing Principles for Detoxification and Rejuvenation - Mantesh
    2015-02-17 17:14 - 2015-02-17 17:15 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Five Good Minutes in the Evening 100 Mindful Practices to Help You Relieve Stress and Bring Your Best to Work - Jeffrey Brantley - Mantesh
    2015-02-17 17:14 - 2015-02-17 17:14 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Things you should know about your mate 1000 Questions for Couples - Michael Webb - Mantesh
    2015-02-17 17:13 - 2015-02-17 17:13 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Reflexology - Beginners Guide to Eliminate Pain, Lose Weight and De-Stress with Ancient Techniques - Ingrid Sen - Mantesh
    2015-02-17 17:12 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The Secrets to Writing a Successful Business Plan A Pro Shares a Step-By-Step Guide to Creating a Plan That Gets Results - Hal Shelton - Mantesh
    2015-02-17 17:12 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\*****'s Guides Basic Math and Pre-Algebra - Carolyn Wheater - Mantesh
    2015-02-17 17:11 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Men’s Fitness Workout Manual 2015 + 10 Week Body Plan - Complete Guide to Building Muscle, Losing Fat and feeling Great- Mantesh
    2015-02-17 17:11 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\English How to Speak English Fluently in 1 Week - Over 70+ SECRET TIPS to Learn Vocabulary and Speak Great English - Edward Clemons - Mantesh
    2015-02-17 17:11 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Boost Your Brain - Switch on Your Brain With more than 300 Puzzles,Tips and Teasers - Joel Levy - Mantesh
    2015-02-16 18:49 - 2015-02-16 18:50 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The.Walking.Dead.S05E10.HDTV.x264-KILLERS[ettv]
    2015-02-16 11:23 - 2015-02-16 11:24 - 00043413 _____ () C:\Users\JP.AS2\Desktop\qin.csv
    2015-02-16 11:21 - 2015-02-16 11:21 - 00031473 _____ () C:\Users\JP.AS2\Desktop\qin.xlsx
    2015-02-16 11:03 - 2015-02-16 11:03 - 00103236 _____ () C:\Users\JP.AS2\Documents\CTN Import.csv
    2015-02-16 10:53 - 2015-02-16 10:53 - 00150584 _____ () C:\Users\JP.AS2\Documents\Linkqage CTN Inventory Journal Batch 1.xlsx
    2015-02-16 10:49 - 2015-02-16 10:21 - 00103236 _____ () C:\Users\JP.AS2\Documents\CTN Import.txt
    2015-02-16 08:34 - 2015-02-16 08:34 - 00000000 ____D () C:\Users\JP.AS2\Documents\Ultimate Vocabulary
    2015-02-16 08:34 - 2015-02-16 08:34 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Geckofx
    2015-02-16 08:29 - 2015-02-16 08:29 - 00002156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Vocabulary 2014.lnk
    2015-02-16 08:29 - 2015-02-16 08:29 - 00002144 _____ () C:\Users\Public\Desktop\Ultimate Vocabulary 2014.lnk
    2015-02-16 08:28 - 2015-02-16 08:31 - 00000000 ____D () C:\ProgramData\Ultimate Vocabulary
    2015-02-16 08:28 - 2015-02-16 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Vocabulary 2014
    2015-02-16 08:28 - 2015-02-16 08:28 - 00000000 ____D () C:\Program Files (x86)\eReflect
    2015-02-16 08:24 - 2015-02-16 08:24 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\eReflect
    2015-02-14 10:08 - 2015-02-26 08:38 - 00000000 ____D () C:\Users\JP.AS2\Desktop\New folder (3)
    2015-02-14 07:10 - 2015-02-14 07:11 - 00000000 ____D () C:\Users\JP.AS2\Documents\Sugar Bytes
    2015-02-14 07:10 - 2015-02-14 07:11 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sugar Bytes
    2015-02-14 07:10 - 2015-02-14 07:11 - 00000000 ____D () C:\Program Files\Sugar Bytes
    2015-02-14 07:10 - 2015-02-14 07:10 - 00000000 ____D () C:\Program Files\Common Files\Steinberg
    2015-02-14 06:58 - 2015-02-14 06:58 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeOhm
    2015-02-14 06:58 - 2015-02-14 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeOhm
    2015-02-13 17:05 - 2015-02-13 17:05 - 05447719 ____R () C:\Users\JP.AS2\Downloads\Antares.Tube.VST.DX.v1.0-ArCTiC.rar
    2015-02-13 17:02 - 2015-02-16 19:03 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Heavyocity.Evolve.VSTi.DXi.RTAS.HYBRID.DVDR.D1-AiRISO
    2015-02-13 16:55 - 2015-02-13 17:00 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Heavyocity Evolve R2 v1.6 KONTAKT UPDATE-SYNTHiC4TE [oddsox]
    2015-02-13 13:56 - 2015-02-13 14:11 - 11878802 _____ () C:\Users\JP.AS2\Downloads\Hive3304Win.zip
    2015-02-13 12:13 - 2015-02-13 12:13 - 00086361 _____ () C:\Users\JP.AS2\Desktop\Invoice.rtm
    2015-02-13 12:13 - 2015-02-13 12:13 - 00000042 _____ () C:\Users\JP.AS2\Desktop\Invoice Data.dtm
    2015-02-13 11:42 - 2015-02-13 11:42 - 00000000 ____D () C:\Users\JP.AS2\Documents\SQLSCRIPTS
    2015-02-13 10:27 - 2015-02-13 10:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\eReflect Ultimate Vocabulary 2014
    2015-02-13 10:26 - 2015-02-13 10:26 - 00015567 _____ () C:\Users\JP.AS2\Downloads\F7FC56621BFBD82C4A15235875A957C837779A74.torrent
    2015-02-12 20:11 - 2015-02-12 20:11 - 00000023 _____ () C:\Users\JP.AS2\Desktop\pa.txt
    2015-02-12 16:49 - 2015-02-12 17:00 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Marco.Polo.2014.S01E03.WEBRIP.x264-2HD[rarbg]
    2015-02-12 16:49 - 2015-02-12 16:58 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Marco.Polo.2014.S01E04.WEBRIP.x264-2HD
    2015-02-12 16:38 - 2015-02-12 16:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Marco.Polo.2014.S01E02.WEBRIP.x264-2HD[ettv]
    2015-02-12 13:32 - 2015-02-12 13:32 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Better Call Saul S01E02 HDTV.XviD-AFG[Pawulon]
    2015-02-12 13:07 - 2015-02-12 13:08 - 11127472 _____ () C:\Users\JP.AS2\Downloads\SetupYTD.exe
    2015-02-12 12:59 - 2015-02-12 12:59 - 00001289 _____ () C:\Users\Public\Desktop\Free YouTube Downloader.lnk
    2015-02-12 12:59 - 2015-02-12 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
    2015-02-12 12:59 - 2015-02-11 08:35 - 102067712 _____ () C:\StiegelMeyer_110214.bak
    2015-02-12 12:46 - 2015-02-12 12:46 - 00000000 ____D () C:\Users\JP.AS2\Desktop\D
    2015-02-12 12:45 - 2015-02-12 12:45 - 00000000 ____D () C:\Users\JP.AS2\Downloads\FL Studio Cookbook, Friedman (Packt)[PDF][StormRG]
    2015-02-12 12:41 - 2015-02-12 12:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Sonic Academy Ultimate Drums Dubstep
    2015-02-12 12:40 - 2015-02-12 12:40 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Fab Filter Plugins Pack WIN x86 x64 - R2R [deepstatus]
    2015-02-12 10:36 - 2015-02-12 10:36 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Get That Pro Sound - The Ultimate Guide to Compression
    2015-02-12 10:24 - 2015-02-12 10:24 - 00000479 _____ () C:\Users\JP.AS2\Desktop\anon.txt
    2015-02-12 10:15 - 2015-02-12 10:37 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Groove3 Fabfilter Effects And Synths Explained TUTORiAL-MATRiX [deepstatus][h33t][1337x][flashtorrents]
    2015-02-12 10:02 - 2015-02-12 10:23 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Lynda - Mixing an EDM Track Tutorial-kEISO
    2015-02-12 10:00 - 2015-02-12 10:05 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Music Tech Magazine - 50 Ways to Supercharge Your Sound + Gear of the Year +30 Pages of Tutorials (January 2014)
    2015-02-12 10:00 - 2015-02-12 10:00 - 00000000 ____D () C:\Users\JP.AS2\Downloads\[Video Tutorial] Learn to play songs by ear never need sheet music again No prior knowledge needed_
    2015-02-11 09:10 - 2015-02-11 09:10 - 00000031 _____ () C:\Users\JP.AS2\Desktop\riaan.txt
    2015-02-11 08:38 - 2015-02-11 08:36 - 14804709 _____ () C:\StiegelMeyer_110214.zip
    2015-02-10 21:39 - 2015-02-10 21:39 - 00648177 _____ () C:\Users\JP.AS2\Documents\MP3Diags.dat
    2015-02-10 20:15 - 2015-02-10 21:39 - 00002819 _____ () C:\Users\JP.AS2\Documents\MP3Diags.ini
    2015-02-10 20:14 - 2015-02-10 20:14 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Diags Unstable
    2015-02-10 20:14 - 2015-02-10 20:14 - 00000000 ____D () C:\Program Files (x86)\MP3Diags-unstable
    2015-02-10 19:58 - 2015-02-10 20:01 - 07803477 _____ () C:\Users\JP.AS2\Downloads\MP3DiagsSetup-unstable.exe
    2015-02-10 16:50 - 2015-02-10 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-10 16:47 - 2015-02-10 17:18 - 00000000 ____D () C:\Users\JP.AS2\Desktop\mbar
    2015-02-10 16:44 - 2015-02-10 16:45 - 16466552 _____ (Malwarebytes Corp.) C:\Users\JP.AS2\Downloads\mbar-1.08.3.1004.exe
    2015-02-10 15:58 - 2015-02-10 16:11 - 15431256 _____ () C:\Users\JP.AS2\Downloads\RogueKiller(1).exe
    2015-02-10 08:31 - 2015-02-10 08:32 - 00000000 ____D () C:\Users\JP.AS2\Documents\Xite
    2015-02-09 17:21 - 2015-02-09 17:51 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Season 1
    2015-02-09 15:30 - 2015-02-09 15:30 - 00134137 _____ () C:\Users\JP.AS2\Documents\MASTER Pricelist FINAL - ___.xlsx
    2015-02-09 12:14 - 2015-02-09 12:14 - 00046886 _____ () C:\Customers.csv
    2015-02-09 11:23 - 2015-02-09 11:23 - 00018561 _____ () C:\Users\JP.AS2\Desktop\dds.txt
    2015-02-09 11:23 - 2015-02-09 11:23 - 00014162 _____ () C:\Users\JP.AS2\Desktop\attach.txt
    2015-02-09 11:18 - 2015-02-09 11:18 - 00688992 ____R (Swearware) C:\Users\JP.AS2\Downloads\dds.com
    2015-02-06 12:30 - 2015-02-06 13:58 - 267260076 _____ () C:\Users\JP.AS2\Downloads\LYNDA_MIXING_AN_EDM_TRACK_TUTORIAL-kEISO.rar.part
    2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Limp Bizkit
    2015-02-05 17:40 - 2015-02-05 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Limp Bizkit Special Edition - Chocolate Starfish and the Hot Dog Flavored Water [320kbps]
    2015-02-05 15:27 - 2015-03-03 16:53 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\CrashDumps
    2015-02-05 10:37 - 2015-02-05 10:37 - 00000000 ____D () C:\Users\JP.AS2\Documents\FabFilter
    2015-02-05 10:37 - 2015-02-05 10:37 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\FabFilter
    2015-02-05 10:23 - 2015-02-05 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FabFilter
    2015-02-05 10:23 - 2015-02-05 10:23 - 00000000 ____D () C:\Program Files (x86)\FabFilter
    2015-02-05 10:23 - 2009-03-18 20:23 - 01597440 _____ (FabFilter) C:\FabFilter Volcano 2.dpm
    2015-02-05 10:23 - 2009-03-09 02:03 - 00000286 _____ () C:\FabFilter Volcano 2.dpm.rsr
    2015-02-05 10:14 - 2015-02-05 10:14 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rob Papen
    2015-02-05 10:14 - 2015-02-05 10:14 - 00000000 ____D () C:\ProgramData\RAW
    2015-02-05 10:14 - 2015-02-05 10:14 - 00000000 ____D () C:\Program Files (x86)\Rob Papen
    2015-02-05 10:06 - 2015-02-05 10:06 - 00001644 _____ () C:\Users\JP.AS2\Desktop\aaa.txt
    2015-02-05 08:55 - 2015-02-05 09:00 - 00000000 ____D () C:\Users\JP.AS2\Desktop\New folder (2)
    2015-02-04 16:44 - 2015-02-10 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-04 16:44 - 2015-02-04 16:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2015-02-04 16:44 - 2015-02-04 16:44 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-04 13:47 - 2015-02-04 13:49 - 15431256 _____ () C:\Users\JP.AS2\Downloads\RogueKiller.exe
    2015-02-04 13:22 - 2015-02-04 13:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\JP.AS2\Downloads\tdsskiller.exe
    2015-02-04 11:44 - 2015-02-04 11:46 - 01388274 _____ (Thisisu) C:\Users\JP.AS2\Downloads\JRT.exe
    2015-02-04 10:51 - 2015-02-04 10:51 - 00000000 _____ () C:\Users\JP.AS2\Desktop\New Text Document (3).txt
    2015-02-03 19:15 - 2015-02-03 19:15 - 00000000 ____D () C:\Users\JP.AS2\Desktop\TC
    2015-02-03 18:31 - 2015-02-03 18:44 - 01182088 _____ () C:\Users\JP.AS2\Downloads\squad vox.wav.part
    2015-02-03 09:29 - 2015-03-04 08:21 - 00000000 ____D () C:\AdwCleaner
    2015-02-03 09:27 - 2015-02-03 09:27 - 02194432 _____ () C:\Users\JP.AS2\Downloads\AdwCleaner.exe
    2015-02-03 09:26 - 2015-02-03 09:26 - 00688992 _____ (Swearware) C:\Users\JP.AS2\Downloads\dds.scr
    2015-02-03 09:01 - 2015-02-03 09:07 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Lynda - Accounting Fundamentals Tutorial
    2015-02-03 08:59 - 2015-02-03 08:59 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Accounting Made Simple Accounting Explained in 100 Pages or Less (Mike Piper) (epub, mobi) {S-B}™
    2015-02-03 08:55 - 2015-02-03 08:56 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Lynda - QuickBooks Advanced Bookkeeping Techniques
    2015-02-02 10:42 - 2015-02-02 10:42 - 00000109 _____ () C:\Users\JP.AS2\Desktop\ghg.txt
    2015-02-02 09:40 - 2015-02-05 12:41 - 00002184 _____ () C:\Users\JP.AS2\Desktop\Sage Evolution.lnk
    2015-02-02 09:40 - 2015-02-02 09:43 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sage Evolution 7.00.207

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 08:47 - 2014-08-04 19:25 - 02022106 _____ () C:\Windows\WindowsUpdate.log
    2015-03-04 08:46 - 2014-08-26 15:50 - 00000000 ____D () C:\Stuff
    2015-03-04 08:35 - 2014-12-06 01:21 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\moters
    2015-03-04 08:31 - 2015-01-28 14:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-04 08:31 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 08:31 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 08:24 - 2014-12-09 13:26 - 00000000 ____D () C:\ProgramData\VMware
    2015-03-04 08:24 - 2014-08-04 11:26 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\uTorrent
    2015-03-04 08:23 - 2014-08-04 11:13 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-03-04 08:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-04 08:23 - 2009-07-14 06:51 - 00100557 _____ () C:\Windows\setupact.log
    2015-03-03 17:40 - 2014-08-04 13:02 - 00002008 ____H () C:\Users\JP.AS2\Documents\Default.rdp
    2015-03-03 17:02 - 2014-12-09 13:34 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\VMware
    2015-03-03 17:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-03-03 16:53 - 2014-11-03 15:23 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Skype
    2015-03-03 15:17 - 2010-11-21 05:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-03 10:09 - 2014-12-09 13:34 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\VMware
    2015-03-03 08:19 - 2014-08-25 09:06 - 00027043 _____ () C:\Users\JP.AS2\AppData\Local\BICEvolution.log
    2015-03-02 17:34 - 2014-08-08 11:24 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Apps\2.0
    2015-03-02 17:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
    2015-03-02 17:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
    2015-03-02 17:26 - 2010-11-21 05:47 - 09367944 _____ () C:\Windows\PFRO.log
    2015-03-02 17:26 - 2009-07-14 04:34 - 82313216 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2015-03-02 17:26 - 2009-07-14 04:34 - 28311552 _____ () C:\Windows\system32\config\SYSTEM.bak
    2015-03-02 17:26 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2015-03-02 17:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2015-03-02 16:28 - 2014-12-19 14:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Season 3
    2015-03-02 08:23 - 2014-07-07 09:56 - 00000000 ____D () C:\EvoBICMetaData
    2015-03-02 07:54 - 2015-01-11 13:00 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    2015-02-28 17:10 - 2009-07-14 07:13 - 00881004 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-26 15:37 - 2014-08-15 09:23 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Deployment
    2015-02-24 16:19 - 2014-09-07 05:19 - 00000000 ____D () C:\Windows\Minidump
    2015-02-24 16:18 - 2014-12-19 08:42 - 456068663 _____ () C:\Windows\MEMORY.DMP
    2015-02-24 15:45 - 2014-08-04 11:16 - 00118608 _____ () C:\Users\JP.AS2\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-24 15:39 - 2009-07-14 06:45 - 00450840 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-24 13:03 - 2014-08-05 09:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2015-02-24 12:35 - 2014-07-04 23:02 - 00000000 ____D () C:\Program Files (x86)\Image-Line
    2015-02-23 19:50 - 2014-08-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG
    2015-02-23 19:50 - 2014-08-11 12:39 - 00000000 ____D () C:\Program Files (x86)\KORG
    2015-02-20 16:08 - 2015-01-29 09:47 - 00001289 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
    2015-02-19 13:35 - 2014-12-05 11:17 - 00000000 ____D () C:\Users\JP.AS2\Desktop\Evo
    2015-02-19 08:57 - 2014-11-03 15:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-02-19 08:57 - 2014-11-03 15:22 - 00000000 ____D () C:\ProgramData\Skype
    2015-02-16 11:00 - 2014-08-28 09:04 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Adobe
    2015-02-16 10:59 - 2014-08-04 19:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-16 10:59 - 2014-08-04 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-14 06:58 - 2014-08-11 17:56 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
    2015-02-13 12:01 - 2014-08-05 08:52 - 00000000 ____D () C:\Users\JP.AS2\Documents\SQL Server Management Studio
    2015-02-13 10:34 - 2014-08-27 14:39 - 00000000 ____D () C:\ProgramData\TuneUp Software
    2015-02-12 21:34 - 2014-11-13 19:57 - 00000000 __HDC () C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
    2015-02-12 21:34 - 2014-11-13 19:56 - 00000000 __HDC () C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
    2015-02-12 21:34 - 2014-08-04 14:55 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Downloaded Installations
    2015-02-12 15:26 - 2014-09-03 16:16 - 00000000 ____D () C:\Program Files (x86)\Sage Evolution v7
    2015-02-11 11:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-10 16:49 - 2015-01-28 14:54 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-09 16:20 - 2015-01-12 08:41 - 00000000 ____D () C:\Users\JP.AS2\Desktop\ug
    2015-02-09 08:44 - 2014-12-19 10:52 - 00000000 ____D () C:\Program Files\TeraCopy
    2015-02-06 09:37 - 2015-01-29 11:45 - 00089343 _____ () C:\Users\JP.AS2\Desktop\Budget Income Statement Monthly.rtm
    2015-02-05 10:21 - 2014-10-08 07:51 - 00000000 ____D () C:\Program Files\VSTPlugIns
    2015-02-04 14:58 - 2014-08-05 17:02 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\SageEvolution-WhatsNew
    2015-02-04 14:18 - 2015-01-16 08:25 - 00000000 ____D () C:\New folder
    2015-02-04 08:13 - 2014-10-27 09:58 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Dropbox
    2015-02-03 22:52 - 2014-10-27 10:04 - 00000000 ___RD () C:\Users\JP.AS2\Dropbox
    2015-02-02 12:40 - 2015-01-05 17:28 - 00000000 ____D () C:\Users\JP.AS2\Documents\2015 Timesheets
    2015-02-02 11:58 - 2014-12-09 18:40 - 00189692 _____ () C:\Users\JP.AS2\Downloads\AA_v3.5.log

    ==================== Files in the root of some directories =======

    2014-08-26 09:40 - 2014-08-26 09:40 - 0000096 _____ () C:\Users\JP.AS2\AppData\Roaming\version2.xml
    2014-08-25 09:06 - 2015-03-03 08:19 - 0027043 _____ () C:\Users\JP.AS2\AppData\Local\BICEvolution.log

    Some content of TEMP:
    ====================
    C:\Users\JP.AS2\AppData\Local\Temp\Foxit Reader Updater.exe
    C:\Users\JP.AS2\AppData\Local\Temp\Quarantine.exe
    C:\Users\JP.AS2\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-28 16:54

    ==================== End Of Log ============================
     
  23. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    I still need Addition.txt log.
     
  24. skombeazel

    skombeazel TS Rookie Topic Starter Posts: 25

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
    Ran by JP at 2015-03-04 08:48:53
    Running from C:\Users\JP.AS2\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    ARC System 2 version 2.2.0 (HKLM\...\{4952A610-D484-4F6A-B1B4-33797CFDB821}_is1) (Version: 2.2.0 - IK Multimedia)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
    AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
    Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
    Cableguys FilterShaper 3.1.6 (HKLM\...\FilterShaper_is1) (Version: 3.1.6 - Cableguys)
    CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Convert EPUB to PDF 6.6.0 (HKLM-x32\...\{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}) (Version: 6.6.0 - EPUB Converter)
    Counter-Strike 1.0 (HKLM-x32\...\Counter-Strike) (Version: 1.0 - )
    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Dropbox (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    EitherMouse 0.5988 (HKLM-x32\...\EitherMouse) (Version: 0.5988 - Steffen Software)
    Evolution Freedom Service (HKLM-x32\...\{24191AB7-2CA0-47C7-9B2E-DBB5322FA684}) (Version: 2.0.5291.18677 - Sage Pastel)
    Evolution Mobile Service (HKLM-x32\...\{1A1F86F6-82EE-4BBF-942F-89487F3D1743}) (Version: 1.0.5253.24107 - Sage Pastel)
    FabFilter Volcano v2.03 (HKLM-x32\...\FabFilter Volcano 2_is1) (Version: - ViP Team)
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FL Studio 11.5 (HKLM-x32\...\FL Studio 11.5) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
    IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    IL Harmor (HKLM-x32\...\IL Harmor) (Version: - Image-Line)
    IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
    K-Lite Mega Codec Pack 10.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
    KORG KONTROL Editor (HKLM-x32\...\{2994E3F1-B6A3-40FD-860E-A54363FC266C}) (Version: 1.50.0000 - KORG Inc.)
    KORG USB-MIDI Driver Tools for Windows (HKLM-x32\...\{CACF2945-0BD5-43D3-B0CF-FA7D25DB2C1E}) (Version: 1.14.1202 - Korg Inc.)
    Lennar Digital Sylenth VSTi v1.2.1 (HKLM-x32\...\Lennar Digital Sylenth VSTi v1.2.1) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation)
    MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.07.00 - Huawei Technologies Co.,Ltd)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    MP3 Diags Unstable (HKLM-x32\...\MP3Diags-unstable) (Version: - )
    Native Instruments - Kore 2 Controller (HKLM-x32\...\Native Instruments - Kore 2 Controller) (Version: - )
    Native Instruments Kore 2 (HKLM-x32\...\Native Instruments Kore 2) (Version: - )
    Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Pastel Evolution (6.50.85) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.50.85) (Version: - Softline Pastel)
    Pastel Evolution (6.60.84) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.60.84) (Version: - Softline Pastel)
    Pastel Evolution (6.81.48) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.81.48) (Version: - Softline Pastel)
    Pastel Evolution (6.81.51) (HKLM-x32\...\CProgramFiles(x86)EvolutionVersion66.81.51) (Version: - Softline Pastel)
    Pastel Evolution (6.81.51) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.81.51) (Version: - Softline Pastel)
    Pastel Evolution Business Intelligence Centre (HKLM-x32\...\{2C97912D-D468-4814-979B-9B78F4954F19}) (Version: 6.8.596 - Alchemex (PTY) LTD)
    Pastel Evolution Business Intelligence Centre (HKLM-x32\...\{31A5320D-E32D-46C3-A13E-C73C482C0F03}) (Version: 6.8.594 - Alchemex (PTY) LTD)
    Pastel Evolution Business Intelligence Centre (HKLM-x32\...\{97544892-3A43-490F-B7C5-F23327D85BB7}) (Version: 6.8.590 - Alchemex (PTY) LTD)
    Pastel Evolution Cash Manager (HKLM-x32\...\{792FA6FC-24DB-4DEF-AE7F-9F1D47F6E186}) (Version: 1.6.0 - Softline Pastel)
    Pastel Evolution Cash Manager (HKLM-x32\...\{E537AB80-DF85-429A-860A-4494D6DD2256}) (Version: 1.7.1 - Softline Pastel)
    Pastel Evolution Inventory Issue (HKLM-x32\...\{6CC34425-F107-42C4-9CC3-69B6C5910794}) (Version: 6.81.221 - Softline Pastel)
    Pastel Evolution Mobile Sales (HKLM-x32\...\{E95E6EDC-23DB-4082-8F2C-292B02D0DC42}) (Version: 6.81.150 - Softline Pastel)
    Pluralinput (HKLM-x32\...\{008E3690-DF28-4719-9650-94E8416CCCBE}_is1) (Version: 0.8.6.35930 - Christian Gulden)
    Polygon version 1.0 (HKLM-x32\...\{0BF82F4F-37CC-4A00-A20E-B24AA8D90160}_is1) (Version: 1.0 - Glitchmachines)
    Quake Live (HKLM-x32\...\Quake Live) (Version: - id Software)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.1 - Qualcomm Atheros)
    Race Driver Grid (HKLM-x32\...\Race Driver Grid_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
    RecoveryFix for BKF Evaluation Ver 4.02.01 (HKLM-x32\...\RecoveryFix for BKF - Evaluation Version_is1) (Version: - Chily Softech Pvt Ltd)
    Sage Evolution (6.82.65) (HKLM-x32\...\CProgramFiles(x86)EvolutionVersion6v6.82.65) (Version: - Sage Pastel)
    Sage Evolution (6.82.67) (HKLM-x32\...\CProgramFiles(x86)EvolutionVersion6v6.82.67) (Version: - Sage Pastel)
    Sage Evolution (6.82.67) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.82.67) (Version: - Sage Pastel)
    Sage Evolution (6.82.81) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.82.81) (Version: - Sage Pastel)
    Sage Evolution (7.00.174) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.174) (Version: - Sage Pastel)
    Sage Evolution (7.00.195) (HKLM-x32\...\CProgramFiles(x86)SageEvolution) (Version: - Sage Pastel)
    Sage Evolution (7.00.195) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.195) (Version: - Sage Pastel)
    Sage Evolution (7.00.198) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.198) (Version: - Sage Pastel)
    Sage Evolution (7.00.204) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.202) (Version: - Sage Pastel)
    Sage Evolution (7.00.207) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.207) (Version: - Sage Pastel)
    Sage Evolution Advanced Procurement (HKLM-x32\...\{9C96F2B7-505D-4B2E-B793-F0A2F10F7370}) (Version: 7.0.111 - Sage Pastel)
    Sage Evolution Alert Management (HKLM-x32\...\{215CB21C-90EE-4F78-A975-7232A577612B}) (Version: 7.0.109 - Sage Pastel)
    Sage Evolution Debtors Manager (HKLM-x32\...\{90CF1D0B-7866-4B97-9FF8-58DECACAC7A3}) (Version: 2.0.0 - Sage Pastel)
    Sage Evolution Delivery Management (HKLM-x32\...\{AA942942-68DD-4B06-8476-F3891CF143E7}) (Version: 7.0.115 - Sage Pastel)
    Sage Evolution Global Tax (HKLM-x32\...\{19B81904-1840-4C53-8B43-192DB8358102}) (Version: 7.0.106 - Sage Pastel)
    Sage Evolution Intelligence Reporting (HKLM-x32\...\{F53748E7-4DEE-43C0-B221-BE33FA29C3DF}) (Version: 7.0.7430.0045 - Sage Alchemex)
    Sage Evolution Inventory Issue (HKLM-x32\...\{BA9C4905-1888-47BA-9717-2B0E5D3A5088}) (Version: 6.82.316 - Sage Pastel)
    Sage Evolution Inventory Issue (HKLM-x32\...\{DB3E2547-86C2-422E-B58A-32F1E3088A48}) (Version: 7.0.30 - Sage Pastel)
    Sage Evolution Inventory Optimisation (HKLM-x32\...\{C7F40648-35C0-41BE-99E6-AB8072DB68B1}) (Version: 7.0.114 - Sage Pastel)
    Sage Evolution Mobile Sales (HKLM-x32\...\{06FA5587-1C17-4F64-B733-696ADEE9236A}) (Version: 7.0.120 - Sage Pastel)
    Sage Evolution Outlook Add-in (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\0CC5E23BF36330E76AA2C214CF4788DDBCB92E6A) (Version: 7.0.0.12 - Sage Pastel)
    Sage Evolution Service Manager (HKLM-x32\...\{ABF08321-CE67-4E06-979B-CE15059F5DDC}) (Version: 7.0.232 - Sage Pastel)
    Sage Evolution Voucher Management (HKLM-x32\...\{8471EB46-A2EA-4511-B2F4-A78E86B826FA}) (Version: 7.0.120 - Sage Pastel)
    SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
    Schaack Audio Technologies Transient Shaper VST v2.04 (HKLM-x32\...\Schaack Audio Technologies Transient Shaper VST v2.04_is1) (Version: - )
    Search App by Ask (HKLM-x32\...\{53475431-2D53-5000-76A7-A758B70C1900}) (Version: 12.25.0.244 - APN, LLC) <==== ATTENTION
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation)
    Soundcloud Playlist Downloader (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\9d4be2ebecbc4e2b) (Version: 1.0.0.33 - Soundcloud Playlist Downloader)
    SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Stutter Edit Expansion 1 (HKLM-x32\...\Stutter Edit Expansion 1_is1) (Version: 1.00 - iZotope, Inc.)
    Stutter Edit Expansion 2 (HKLM-x32\...\Stutter Edit Expansion 2_is1) (Version: 1.00 - iZotope, Inc.)
    Sugar Bytes Turnado 1.5.1 (HKLM\...\Turnado_is1) (Version: 1.5.1 - Sugar Bytes)
    Sugar Bytes WOW2 2.1.1 (HKLM\...\WOW2_is1) (Version: 2.1.1 - Sugar Bytes)
    TeamPlayer 2.2.0 (HKLM-x32\...\TeamPlayer_is1) (Version: 2.2.0 - WunderWorks)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.88 - TuneUp Software)
    TuneUp Utilities 2014 (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden
    Ultimate Vocabulary 2014 (HKLM-x32\...\{E9AFB88A-9133-4348-BE7C-EDEFE0A1B6CF}) (Version: 14.0 - eReflect)
    Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
    VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
    VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.0.0 - VMware, Inc)
    VMware Player (Version: 7.0.0 - VMware, Inc.) Hidden
    Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.300.42078 - Vodafone)
    Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
    Waves Complete V9r21 (HKLM-x32\...\{93000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.3.21 - Waves)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    WinAutomation (Version: 3.1.5.637 - Softomotive Ltd) Hidden
    Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
    WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\moters\supna.dll No File <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2015-03-02 17:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1F968657-C409-42F4-BAB8-E9585F47CF7E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {262B9A4A-B208-42FA-BB33-95815D1C57B6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-29] (TuneUp Software)
    Task: {5AA832CD-99A2-4D81-8D7C-8E9020763F28} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {69FD544E-F2A4-4B13-A235-2F2CDFFB1400} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08] (Adobe Systems Incorporated)
    Task: {ADDC3DC6-0E73-44D2-B813-770DDEEA6A31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {B9E13D31-E182-419E-9EFA-2617E39255F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {C48D2698-B5C6-45FC-9F12-4ACE197031D2} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
    Task: {F06E4151-2915-4E6F-AE85-58681092D2D1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-04-10 07:58 - 2013-04-10 07:58 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
    2013-08-29 12:08 - 2013-08-29 12:08 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
    2010-12-09 16:42 - 2010-12-09 16:42 - 00927744 _____ () C:\Program Files\WinAutomation\System.Data.SQLite.dll
    2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-19 10:52 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2014-11-20 18:44 - 2014-11-20 18:44 - 01299136 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
    2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1913415371-4241227638-503936330-1202\Control Panel\Desktop\\Wallpaper -> C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.10

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: Evolution Freedom Service => 2
    MSCONFIG\Services: Evolution Mobile Service => 2
    MSCONFIG\Services: IePluginServices => 2
    MSCONFIG\Services: test => 2
    MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
    MSCONFIG\startupfolder: C:^Users^JP.AS2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    MSCONFIG\startupreg: VmbNotifier => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3714125016-866609955-929467234-500 - Administrator - Disabled)
    Guest (S-1-5-21-3714125016-866609955-929467234-501 - Limited - Disabled)
    JP (S-1-5-21-3714125016-866609955-929467234-1000 - Administrator - Enabled) => C:\Users\JP

    ==================== Faulty Device Manager Devices =============

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Atheros AR5BWB222 Wireless Network Adapter
    Description: Atheros AR5BWB222 Wireless Network Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HD WebCam
    Description: USB Video Device
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Microsoft
    Service: usbvideo
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-03-02 17:23:24.837
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-03-02 17:23:24.822
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-18 12:16:23.991
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-18 12:16:23.983
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-18 10:12:11.612
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-18 10:12:11.590
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-04 13:38:22.768
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-04 13:38:22.756
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-04 13:35:14.669
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-04 13:35:14.656
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
    Percentage of memory in use: 40%
    Total physical RAM: 3914.36 MB
    Available physical RAM: 2310.98 MB
    Total Pagefile: 7556.97 MB
    Available Pagefile: 5582.27 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:198.54 GB) (Free:4.7 GB) NTFS
    Drive d: () (Fixed) (Total:500 GB) (Free:2.7 GB) NTFS
    Drive z: () (Network) (Total:731.32 GB) (Free:225.49 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E865E392)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=198.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  25. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Uninstall Search App by Ask.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
