TechSpot

Unknown redirect / hijacker

By Califauna
Sep 1, 2015
  1. Hi,

    I have an unknown redirect / hijacker on my Windows 8.1 installation. It occasionally redirects (not every time), mainly when searching the internet. It redirects to some thematically linked website, so for example when I search for Skype download, it will redirect to some dodgy Skype advertising site. This happens with all types of search and the webpages it redirects to seem to always be different.

    I have scanned with Malwarebytes, Comodo, HitmanPro, HijackThis, and Windows Malicious Software Removal Tool, but the redirect still occurs.

    It has not redirected for a couple of days now, but it seems to resurface after sometimes short periods, and the laptop is running very slow, so I think it is still hiding in there.

    Thanks for any help.
     
  2. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
    Ran by Administrator (administrator) on DALES-PC (30-08-2015 09:54:46)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
    (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
    (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    ( ) C:\Windows\System32\lxbkcoms.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400720 2013-10-31] (Seagate)
    HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-12] (COMODO)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-02-08] (IvoSoft)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-07-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe [74408 2015-02-09] (Lexmark International, Inc.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659736 2015-02-15] (Realtek Semiconductor)
    HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2015-02-15] (Avid Technology, Inc.)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-12] (COMODO)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6418376 2013-10-31] (Seagate)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105184 2013-01-10] (Acronis)
    HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2015-02-17] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-08] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-02-08] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2015-02-08] ()
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2015-02-17] ()
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-05-05] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2015-05-19] (ABBYY Production LLC.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2015-06-24] (Adobe Systems Inc.)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [506728 2015-02-08] (Outertech)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-05-05] (Samsung)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-08-30] (Google)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [JumplistWatcher] => C:\Program Files (x86)\JumplistExtender\T7EBackground.exe [622592 2015-02-08] (Marco Zafra)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2588608 2015-04-25] (TunnelBear)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-05] (Spotify Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-05] (Spotify Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Allmyapps] => C:\Users\Administrator\AppData\Roaming\Allmyapps\Allmyapps.exe [7322488 2014-04-04] (Allmyapps SAS)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Allmyapps Update] => C:\Users\Administrator\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [320888 2014-04-04] (Allmyapps SAS)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Gamma Panel executable] => F:\B\Ma\Downloads\Windows Downloads\Success\WINDOWS CUSTOMISATION AND SHELL\Gamma Panel\gapa.exe
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk [2015-02-08]
    ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe ()
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk [2015-02-13]
    ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-03-31]
    ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
    GroupPolicyScripts: Group Policy detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 127.0.0.1 www.meldaproduction.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{2C2C567D-75E5-4C09-8E30-2A6B303DA30D}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{2C2C567D-75E5-4C09-8E30-2A6B303DA30D}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7AC9EED8-AC54-49AC-8118-178A9921374F}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{88613F22-A7D0-4FD4-B8D2-E00463F5B749}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B8BDB5C8-EB90-4884-92F9-F2C858E9721F}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default
    FF NewTab: www.google.co.uk
    FF DefaultSearchEngine: Google UK
    FF SelectedSearchEngine: Google UK
    FF Homepage: www.google.co.uk
    FF NetworkProxy: "ftp", "180.183.105.55"
    FF NetworkProxy: "ftp_port", 3128
    FF NetworkProxy: "http", "180.183.105.55"
    FF NetworkProxy: "http_port", 3128
    FF NetworkProxy: "socks", "180.183.105.55"
    FF NetworkProxy: "socks_port", 3128
    FF NetworkProxy: "ssl", "180.183.105.55"
    FF NetworkProxy: "ssl_port", 3128
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-30] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-30] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-06] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-06] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: @acestream.net/acestreamplugin,version=3.1.0-b2 -> C:\Users\Administrator\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-12] (Innovative Digital Technologies)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin64 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\searchplugins\google-maps-uk.xml [2015-06-15]
    FF Extension: Xmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\foxmarks@kei.com [2015-05-15]
    FF Extension: Print pages to PDF - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
    FF Extension: EPUBReader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
    FF Extension: System.Security.Cryptography.CryptographicException - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7F7A4577-8FC3-141E-DD31-1321B4A6F2FC} [2015-06-25]
    FF Extension: Flash and Video Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-06-22]
    FF Extension: Default Full Zoom Level - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-05-29]
    FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ALone-live@ya.ru.xpi [2015-02-08]
    FF Extension: Add to Amazon Wish List Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\amznUWL2@amazon.com.xpi [2015-02-08]
    FF Extension: DownThemAll! AntiContainer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\anticontainer@downthemall.net.xpi [2015-02-08]
    FF Extension: Bookmark Favicon Changer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2015-02-08]
    FF Extension: Color Transform - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\colortransform@pjs.nl.xpi [2015-02-08]
    FF Extension: Colour That Site! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ColourThatSite@einspeiser.de.xpi [2015-04-07]
    FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox1@myibay.com.xpi [2015-02-08]
    FF Extension: Media Hint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox@mediahint.com.xpi [2015-03-21]
    FF Extension: Email This! Bookmarklet Extension - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\gmailthis@lazyrussian.com.xpi [2015-06-04]
    FF Extension: savetexttofile - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-02-08]
    FF Extension: YouTube mp3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-14]
    FF Extension: One Click Proxy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-05-12]
    FF Extension: Lazarus: Form Recovery - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lazarus@interclue.com.xpi [2015-02-13]
    FF Extension: Live Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lonely@hamzeen.xpi [2015-05-12]
    FF Extension: MD5 Reborned Hasher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\md5rehasher@phoneixs.es.xpi [2015-05-12]
    FF Extension: Multifox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multifox@hultmann.xpi [2015-02-08]
    FF Extension: Multiple Tab Handler - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2015-05-09]
    FF Extension: NoSquint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\nosquint@urandom.ca.xpi [2015-02-08]
    FF Extension: Print Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printedit@DW-dev.xpi [2015-02-08]
    FF Extension: MetisMe - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\product@metisme.com.xpi [2015-02-08]
    FF Extension: Restart - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\Restart@schuzak.jp.xpi [2015-02-13]
    FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\roomy_bookmarks_toolbar-1.4.4-sm.xpi [2015-02-08]
    FF Extension: Screen Draw - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\screendraw@grizzlyape.com.xpi [2015-05-12]
    FF Extension: Auto-Sort Bookmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-08]
    FF Extension: Status-4-Evar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\status4evar@caligonstudios.com.xpi [2015-02-08]
    FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\stoptube@kashiif.com.xpi [2015-02-08]
    FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\translator@zoli.bod.xpi [2015-02-08]
    FF Extension: Undo Closed Tabs Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-02-08]
    FF Extension: Resurrect Pages - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-02-08]
    FF Extension: Session Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-08]
    FF Extension: FlashGot - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-29]
    FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2015-02-08]
    FF Extension: uBlock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-18]
    FF Extension: CacheViewer Continued - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2015-02-08]
    FF Extension: PDF Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2015-02-08]
    FF Extension: Download Videos From YouTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{3ED8ADFD-E755-4aea-986B-A3828315DB53}.xpi [2015-06-22]
    FF Extension: Text Link - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-02-08]
    FF Extension: Mozilla Archive Format - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-02-08]
    FF Extension: Search by Image for Google - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-02-08]
    FF Extension: Password Exporter - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-02-08]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-06-22]
    FF Extension: Video DownloadHelper - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-06-15]
    FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-08]
    FF Extension: Internote - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi [2015-02-08]
    FF Extension: Greasemonkey - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
    FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-02-08]
    FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-06-18]
    FF Extension: UnMHT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-07-08]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-06-24]

    Chrome:
    =======
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Media Hint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2015-03-21]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
    CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-08-27]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-28]
    CHR Extension: (Hola Better Internet Engine) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-02-22]
    CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-22]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
    CHR HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
     
  3. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    *****SECOND HALF ***


    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-02-18] (Broadcom Corporation.)
    S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-26] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-12] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-12] (COMODO)
    R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
    R2 Crypkey License; C:\Windows\SYSTEM32\crypserv.exe [122880 2015-02-20] (CrypKey (Canada) Ltd.) [File not signed]
    S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-02] (Disc Soft Ltd)
    S3 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2015-03-09] (Ryan Conrad) [File not signed]
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2015-02-26] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-07-06] (NVIDIA Corporation)
    R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2015-02-09] ( )
    R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2015-02-09] ( )
    S3 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-06-28] (Malwarebytes Corporation)
    S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-07-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-07-06] (NVIDIA Corporation)
    S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-02-08] (TeamViewer GmbH)
    S3 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-03-31] (TechSmith Corporation) [File not signed]
    S3 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2015-02-08] (TuneUp Software)
    S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34752 2015-04-25] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2015-02-08] (Wondershare)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-18] (Broadcom Corporation.)
    S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation)
    S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2015-02-15] (CSR, plc)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
    S3 BUSB_AUDIO_WDM; C:\Windows\system32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
    S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2015-07-31] (CSR plc.)
    S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2015-02-18] (Cambridge Silicon Radio Limited)
    R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows (R) Win 7 DDK provider)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
    S3 eksmidi; C:\Windows\system32\drivers\eksmidi.sys [101472 2015-02-09] (EKS)
    R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2015-02-08] (EldoS Corporation)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
    S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2015-02-17] ()
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2015-02-26] ()
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
    S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2015-02-17] ()
    R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-07-06] ()
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
    S3 MADFUPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono_DFU.sys [46088 2015-02-15] (M-Audio)
    S3 MAUSBPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono.sys [187912 2015-02-15] (Avid Technology, Inc.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-28] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-28] (Malwarebytes Corporation)
    S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
    R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2015-02-20] ()
    S3 NvnUsbAudio; C:\Windows\system32\DRIVERS\nvnusbaudio.sys [54000 2015-02-09] (Novation DMS Ltd.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-15] (NVIDIA Corporation)
    S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2015-02-08] (PassMark Software)
    R0 phylock; C:\Windows\System32\drivers\phylock.sys [34864 2015-07-26] (TeraByte, Inc.)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2015-02-18] (Resplendence Software Projects Sp.)
    R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-02-22] (The OpenVPN Project)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-08] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-08] (Acronis)
    S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2015-02-13] (TOSHIBA Corporation) [File not signed]
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-23] (Oracle Corporation)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [130848 2015-02-08] (Acronis International GmbH)
    S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
    S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
    S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
    S0 BTATH_BUS; System32\drivers\btath_bus.sys [X]
    S3 BTATH_HCRP; \SystemRoot\system32\DRIVERS\btath_hcrp.sys [X]
    S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
    S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
    S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [X]
    S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
    S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [X]
    S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [X]
    S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
    S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
    S3 HWiNFO32; \??\C:\Users\ADMINI~1\AppData\Local\Temp\HWiNFO64A.SYS [X]
    S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-30 09:54 - 2015-08-30 09:55 - 00039492 _____ C:\Users\Administrator\Downloads\FRST.txt
    2015-08-30 09:41 - 2015-08-30 09:41 - 02188288 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2015-08-29 23:46 - 2015-08-29 23:46 - 00407813 _____ C:\Users\Administrator\Downloads\B00TFORUM8.htm
    2015-08-29 23:17 - 2015-08-30 09:54 - 00000000 ____D C:\FRST
    2015-08-22 21:29 - 2015-08-22 21:29 - 01943070 _____ C:\Users\Administrator\Downloads\FicheroCliente(2).tiff
    2015-08-22 21:21 - 2015-08-22 21:21 - 00000000 ____D C:\Program Files (x86)\MSECache
    2015-08-19 00:43 - 2015-08-19 00:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Epson
    2015-08-18 00:12 - 2015-08-18 00:12 - 00019342 _____ C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance(1).torrent
    2015-08-18 00:12 - 2015-08-18 00:12 - 00018574 _____ C:\Users\Administrator\Downloads\[kat.cr]va.high.voltage.mash.ups.2009.dubinferno.torrent
    2015-08-17 23:55 - 2015-08-17 23:55 - 00019342 _____ C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance.torrent
    2015-08-17 17:35 - 2015-08-17 17:35 - 00063620 _____ C:\Users\Administrator\Downloads\Movimiento_0(1)
    2015-08-17 17:34 - 2015-08-17 17:34 - 00063620 _____ C:\Users\Administrator\Downloads\Movimiento_0
    2015-08-14 17:55 - 2015-08-29 22:09 - 00000000 ____D C:\Program Files (x86)\EPSON
    2015-08-14 17:51 - 2015-08-29 22:03 - 00000000 ____D C:\Program Files (x86)\EPSON Software
    2015-08-13 19:22 - 2015-08-13 19:22 - 00020410 _____ C:\Users\Administrator\Downloads\[kat.cr]microsoft.windows.10.home.and.pro.x64.clean.iso.torrent
    2015-08-09 11:58 - 2015-08-30 01:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-08-09 01:12 - 2015-08-09 01:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Andy
    2015-08-09 01:11 - 2015-08-09 01:11 - 01324696 _____ C:\Users\Administrator\Downloads\Andy_Android_Emulator_v44_10.exe
    2015-08-05 22:33 - 2015-08-05 22:33 - 00000000 ____D C:\Program Files\Common Files\EPSON
    2015-08-05 22:28 - 2015-08-05 22:28 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBNFE.DLL
    2015-08-05 22:28 - 2015-08-05 22:28 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BNFE.DLL
    2015-08-05 22:28 - 2015-08-05 22:28 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
    2015-08-05 22:27 - 2015-08-05 23:33 - 00000000 ____D C:\ProgramData\EPSON
    2015-08-05 22:22 - 2015-08-05 22:23 - 26546176 _____ C:\Users\Administrator\Downloads\epson513359eu.exe
    2015-08-05 19:41 - 2015-08-05 19:41 - 00000000 ____D C:\Users\Administrator\Downloads\epson379189eu
    2015-08-01 18:23 - 2015-08-01 18:24 - 89374063 _____ C:\Users\Administrator\Downloads\Flash_tool_for_Xperia_6.zip
    2015-08-01 18:15 - 2015-08-01 18:15 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
    2015-08-01 18:13 - 2015-08-01 18:13 - 15912493 _____ C:\Users\Administrator\Downloads\UniversalAdbDriver.zip
    2015-08-01 18:13 - 2015-08-01 18:13 - 00000000 ____D C:\Users\Administrator\Downloads\UniversalAdbDriver
    2015-08-01 05:19 - 2015-08-01 05:19 - 00637763 _____ C:\Users\Administrator\Downloads\epson379189eu.zip
    2015-08-01 05:19 - 2015-08-01 05:19 - 00637763 _____ C:\Users\Administrator\Downloads\epson379189eu (1).zip
    2015-07-31 12:48 - 2015-07-31 12:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
    2015-07-31 11:51 - 2015-08-30 07:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
    2015-07-31 11:50 - 2015-08-30 07:50 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
    2015-07-31 10:35 - 2015-07-31 10:35 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe
    2015-07-31 10:33 - 2015-07-31 10:33 - 39919352 _____ C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe
    2015-07-31 05:20 - 2015-07-31 05:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\SkypePlugin
    2015-07-31 05:19 - 2015-07-31 05:19 - 06541312 _____ C:\Users\Administrator\Downloads\SkypeWebPlugin.msi
    2015-07-31 04:02 - 2015-07-31 04:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Cambridge Silicon Radio
    2015-07-31 03:55 - 2015-07-31 03:55 - 00038400 _____ (CSR plc.) C:\Windows\system32\Drivers\csrbc.sys
    2015-07-31 03:55 - 2015-07-31 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSR BlueSuite 2.5.0
    2015-07-31 03:55 - 2015-07-31 03:55 - 00000000 ____D C:\Program Files\DIFX
    2015-07-31 03:54 - 2015-07-31 03:54 - 00000000 ____D C:\Program Files (x86)\CSR
    2015-07-31 03:45 - 2015-07-31 04:17 - 00000000 ____D C:\Users\Administrator\Downloads\JBL_CHARGE_2
    2015-07-31 03:41 - 2015-07-31 03:41 - 07456164 _____ C:\Users\Administrator\Downloads\JBL_CHARGE_2.7z

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-30 09:55 - 2015-07-08 21:32 - 00014046 _____ C:\Users\Administrator\Desktop\hijackthis.log
    2015-08-30 09:55 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
    2015-08-30 09:55 - 2015-02-08 16:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
    2015-08-30 09:52 - 2015-02-08 14:25 - 00073710 _____ C:\Windows\system32\Drivers\fvstore.dat
    2015-08-30 09:44 - 2015-02-08 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-08-30 09:27 - 2015-07-06 14:50 - 00375211 _____ C:\Windows\setupact.log
    2015-08-30 09:09 - 2015-02-08 16:09 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-30 09:08 - 2015-02-08 21:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-30 09:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
    2015-08-30 08:28 - 2015-02-08 14:08 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2273160904-4274275969-784373220-500
    2015-08-30 08:23 - 2015-07-26 22:45 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-08-30 07:47 - 2015-02-08 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2015-08-30 07:41 - 2015-02-08 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-08-30 03:27 - 2015-02-08 05:14 - 01832972 _____ C:\Windows\WindowsUpdate.log
    2015-08-30 03:11 - 2015-07-17 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-08-30 03:09 - 2015-02-08 21:39 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-08-30 03:09 - 2015-02-08 16:09 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-30 03:07 - 2015-02-08 15:31 - 00003112 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500
    2015-08-30 03:07 - 2015-02-08 15:31 - 00000000 ___RD C:\Users\Administrator\OneDrive
    2015-08-30 03:06 - 2015-02-08 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
    2015-08-30 03:05 - 2015-02-09 19:04 - 00155592 _____ C:\Windows\DPINST.LOG
    2015-08-30 03:04 - 2015-02-08 16:09 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-30 03:04 - 2015-02-08 16:09 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-30 03:02 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator
    2015-08-30 02:58 - 2015-02-18 17:53 - 00014880 _____ C:\Windows\error.log
    2015-08-30 02:58 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-30 02:57 - 2015-02-18 17:53 - 00004761 _____ C:\Windows\errord.log
    2015-08-30 01:51 - 2015-02-08 14:12 - 00011264 _____ C:\Windows\CUAppUsage.Dat
    2015-08-30 01:50 - 2015-02-08 05:13 - 00000000 ____D C:\Users\dale
    2015-08-30 01:49 - 2015-02-11 04:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
    2015-08-30 01:49 - 2015-02-08 14:20 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2015-08-30 01:49 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
    2015-08-30 01:48 - 2015-07-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-08-30 01:48 - 2015-02-08 16:46 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
    2015-08-30 01:48 - 2015-02-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-08-30 01:34 - 2015-07-28 08:49 - 00000000 ____D C:\Users\Administrator\Desktop\Cayman 2015
    2015-08-30 01:34 - 2015-02-08 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
    2015-08-30 01:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\registration
    2015-08-30 01:32 - 2015-04-01 13:11 - 00000000 ____D C:\ProgramData\InstallShield
    2015-08-30 01:32 - 2015-02-08 16:45 - 00000000 ____D C:\ProgramData\TuneUp Software
    2015-08-30 01:31 - 2014-03-18 03:24 - 00000000 __RHD C:\MSOCache
    2015-08-25 20:47 - 2015-07-04 00:08 - 00119808 ___SH C:\Users\Administrator\Desktop\Thumbs.db
    2015-08-22 18:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-08-13 20:08 - 2014-11-21 09:29 - 00071098 _____ C:\Windows\PFRO.log
    2015-08-09 01:18 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-08-09 01:15 - 2015-07-22 20:32 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Andy_44_Online
    2015-08-09 01:12 - 2015-04-29 22:31 - 00000000 ____D C:\Program Files\Andy
    2015-08-09 01:10 - 2015-04-30 13:21 - 00000000 ____D C:\Users\Administrator\VirtualBox VMs
    2015-08-09 01:06 - 2015-04-29 22:42 - 00000000 ____D C:\Users\Administrator\.VirtualBox
    2015-08-05 19:33 - 2013-08-22 14:37 - 00089600 _____ (Seiko Epson Corporation.) C:\Windows\system32\ep0icd3.dll
    2015-08-03 19:59 - 2014-11-21 09:38 - 01367332 _____ C:\Windows\system32\PerfStringBackup.INI

    ==================== Files in the root of some directories =======

    2015-02-13 17:09 - 2015-02-13 17:19 - 1289216 _____ () C:\Program Files (x86)\JumplistLauncher.exe
    2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
    2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
    2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
    2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
    2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
    2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
    2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
    2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
    2015-02-14 04:56 - 2015-02-14 04:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag

    Some files in TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\keygen.exe
    C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
    C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
    C:\Users\Administrator\AppData\Local\Temp\R2REXT.dll
    C:\Users\Administrator\AppData\Local\Temp\R2RTOOL.dll
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
    C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
    C:\Users\dale\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
    C:\Users\dale\AppData\Local\Temp\feedback.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-21 19:59

    ==================== End of FRST.txt ============================
     
  4. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
    Ran by Administrator (2015-08-30 09:57:56)
    Running from C:\Users\Administrator\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2273160904-4274275969-784373220-500 - Administrator - Enabled) => C:\Users\Administrator
    dale (S-1-5-21-2273160904-4274275969-784373220-1001 - Administrator - Enabled) => C:\Users\dale
    Guest (S-1-5-21-2273160904-4274275969-784373220-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2273160904-4274275969-784373220-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: COMODO Antivirus (Disabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
    AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.439 - ABBYY Production LLC)
    Ableton Live 9 Suite (HKLM\...\{D4EA4767-BB54-4094-A9F9-F058C2D47DA3}) (Version: 9.0.0.0 - Ableton)
    Ace Stream Media 3.1.0-b2 (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\AceStream) (Version: 3.1.0-b2 - Ace Stream Media) <==== ATTENTION
    Active@ File Recovery Professional 14 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 14 - LSoft Technologies Inc)
    ActivePerl 5.16.1 Build 1601 (64-bit) (HKLM\...\{653D48F0-098C-45C1-8267-86EA7B9D0EDB}) (Version: 5.16.1601 - ActiveState)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Allmyapps (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Allmyapps) (Version: 2.0.0.30 - Allmyapps)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
    Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ARIA Engine v1.6.2.0 (HKLM\...\ARIA Engine_is1) (Version: v1.6.2.0 - Plogue Art et Technologie, Inc)
    Ashampoo MP3 Cover Finder v.1.0.12 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.12 - Ashampoo GmbH & Co. KG)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    AutoHotkey 1.1.19.02 (HKLM\...\AutoHotkey) (Version: 1.1.19.02 - Lexikos)
    BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
    BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bluetooth Command Line Tools 1.2 (HKLM-x32\...\{2557A2FA-2A9A-4829-AD02-8DD95C7E4B8B}_is1) (Version: 1.2.0.56 - bluetoothinstaller.com)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Chainer v1.0 (HKLM-x32\...\Chainer 1.0) (Version: - )
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 1.0 - Outertech)
    COMODO Internet Security Premium (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
    COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
    ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CSR BlueSuite 2.5.0 (HKLM-x32\...\CSR BlueSuite 2.5.0_is1) (Version: - Cambridge Silicon Radio Ltd.)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
    DarkAdapted 3.0 (HKLM-x32\...\{FDA06822-011E-4A1E-9B2E-BF25D5C453F8}_is1) (Version: - AquilaDigital Partnership)
    DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.6.0 - oldsch00l)
    Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
    DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.4 - DiskInternals Research)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
    Droid Explorer 0.9.0.2 (x64) (HKLM\...\{CEC12343-D6C5-4C69-9A3D-295A2459B37D}) (Version: 0.9.0.2 - Ryan Conrad)
    EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version: - EaseUS)
    EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Todo Backup Advanced Server 7.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 7.5 - CHENGDU YIWO Tech Development Co., Ltd)
    EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
    EKS Driver Pack 16.12.2010 (HKLM\...\EKS Driver Pack 16.12.2010) (Version: 16.12.2010 - EKS)
    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
    EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
    EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
    EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.0.1 - Toontrack)
    EZkeys Grand Piano 64 (HKLM\...\{23CA8D91-FD3B-4EE6-BBDF-B5924E7E44EB}) (Version: 1.0.2 - Toontrack)
    EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
    Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
    FreeFileSync 6.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
    Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
    Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.0 - Garritan)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
    Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
    Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
    Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
    HDD Raw Copy Tool v1.02 (HKLM-x32\...\HDD Raw Copy Tool_is1) (Version: - HDDGURU)
    HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
    Hit'n'Mix Play (HKLM-x32\...\Hit'n'Mix Play) (Version: 1.5.8 - Hit'n'Mix Ltd)
    HWiNFO32 Version 4.50 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.50 - Martin Malík - REALiX)
    HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
    Image for Windows 2.86 Trial (HKLM-x32\...\Image for Windows (V2)_is1) (Version: - TeraByte Unlimited)
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    Jumplist Extender (HKLM-x32\...\{2D5349D5-167D-4D27-BD8C-9117A6C63FED}_is1) (Version: 0.4 - Marco Zafra)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
    Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    M-Audio ProKeysSono Driver 6.0.2 (x64) (HKLM\...\{5008FD09-0F0B-4B0B-93FF-A7302137F62E}) (Version: 6.0.2 - M-Audio)
    Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
    MediaHint (HKLM-x32\...\{35487E7F-80C5-42AB-B6F4-13E603645E44}) (Version: 1.80.0000 - MediaHint)
    MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
    MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
    Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
    MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
    Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
    Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MIDI Yoke (HKLM-x32\...\{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}) (Version: 1.75.53 - JOConnell)
    MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
    Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
    Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments)
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
    Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.)
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
    OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Oxford Spanish Dictionary (HKLM-x32\...\Oxford Spanish Dictionary) (Version: - )
    PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
    PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version: - )
    Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
    QtWeb Internet Browser 3.8.5 (HKLM-x32\...\{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1) (Version: - QtWeb.NET)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Quod Libet - audio library tagger, manager, and player (HKLM-x32\...\Quod Libet) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
    ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
    Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    R-Studio 7.5 (HKLM-x32\...\R-Studio 7.5NSIS) (Version: 7.5.156292 - R-Tools Technology Inc.)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Seagate DiscWizard (HKLM-x32\...\{80AB2C3C-87B7-47C7-928C-ED5374631C97}) (Version: 16.0.5840 - Seagate)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Similarity 64-bit 1.9.2 (HKLM\...\{02F06E82-CCC3-4F71-ADC6-A65338E4A9DF}) (Version: 1.9.1941 - GAR Software)
    Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    Snagit 12 (HKLM-x32\...\{d02e7440-ca9b-4c28-b0bf-f226a6c79efd}) (Version: 12.3.1.2879 - TechSmith Corporation)
    Snagit 12 (x32 Version: 12.3.1 - TechSmith Corporation) Hidden
    SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
    Spectrasonics Trilian Library version 1.0 (HKLM-x32\...\Spectrasonics Trilian Library_is1) (Version: - Copyright (C) 2009-2011 Spectrasonics)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
    Spotydl 0.9.37.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.37.0 - spotydl.com)
    SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
    Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.4.0 - Toontrack)
    Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
    Tag&Rename 3.8.6 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8.6 - Softpointer Inc)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    TotalDocConverter (HKLM-x32\...\Total Doc Converter_is1) (Version: - Softplicity, Inc.)
    Tunatic (HKLM-x32\...\Tunatic) (Version: - )
    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
    TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
    TunnelBear (HKLM-x32\...\{a8a8801e-37a4-4866-a5dc-2d8b0943b84c}) (Version: 2.3.13.0 - TunnelBear)
    TunnelBear (x32 Version: 2.3.13.0 - TunnelBear) Hidden
    Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version: - File Recovery Ltd.)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Video Download Capture V4.8.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.0 - Apowersoft)
    Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
    Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
    Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
    Windows Driver Package - Cambridge Silicon Radio Ltd. (USBSPI) USB (01/21/2011 2.4.0.0) (HKLM\...\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA) (Version: 01/21/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    Xentone version 1.3.61 (HKLM-x32\...\{06AF433A-92A9-4DFB-A7F3-2F413BB35A8B}}_is1) (Version: 1.3.61 - H-Pi Instruments)
    YouTubeByClick (HKLM-x32\...\{C05E2D5A-938F-41AD-98C5-A6BCBC69CE2F}) (Version: 2.2.10 - YouTubeByClick.com)
    YTD Video Downloader 4.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{2FF31824-C74B-43A1-1CC9-3201696135BC}\InprocServer32 -> C:\Windows\SYSTEM32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    09-08-2015 14:41:01 Scheduled Checkpoint
    14-08-2015 17:50:17 Installed Software Updater
    21-08-2015 20:04:54 Scheduled Checkpoint
    22-08-2015 21:21:33 Installed Compatibility Pack for the 2007 Office system
    29-08-2015 21:46:19 Revo Uninstaller's restore point - Sony Ericsson Update Service
    30-08-2015 01:22:57 Restore Operation
    30-08-2015 08:08:22 Before flash update after restore

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2015-07-01 01:57 - 00000877 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.meldaproduction.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01828FF6-966A-4547-89BE-BA5A6D870203} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
    Task: {0434ED0A-02E4-4377-BBBB-41A6936BAFBA} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Administrator\AppData\Roaming\Allmyapps\Allmyapps.exe [2014-04-04] (Allmyapps SAS)
    Task: {067463E9-03F5-4E50-9D31-65ECF68B1F0C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
    Task: {17B8FF30-AB86-45C0-939B-4F7D72C15537} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {19D06676-597C-4187-91A5-40B5DD2BD986} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
    Task: {1EDAAA73-43AD-4D9E-875B-67EE4C418BD1} - System32\Tasks\AdobeAAMUpdater-1.0-Dales-PC-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
    Task: {2CAADEC8-0729-4BE1-8FC1-C7B04DB78326} - System32\Tasks\{2197BCF0-4C78-47ED-8786-E6EC2178D3A7} => Firefox.exe http://ui.skype.com/ui/0/7.6.85.105/en/go/help.faq.installer?LastError=1603
    Task: {4DCF11D7-AD36-4436-9AB8-7F8208E69E71} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2015-02-08] (H.D.S. Hungary)
    Task: {5D1B51F4-0905-4261-BBD2-E4E4AF6FA618} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {5FD3960E-39ED-439E-8372-CC00A8E28C08} - System32\Tasks\{87CF9565-6A72-4FA2-B9DF-7C37814BDC8B} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.1.0.105&amp;LastError=12002
    Task: {67ED5FDD-C06F-4446-9409-04952F093942} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)
    Task: {67F47573-EBF5-4B19-A167-CFEC0BB5E93B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-30] (Adobe Systems Incorporated)
    Task: {6870BB2C-E93C-445E-8488-1C379FD0E1E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-26] (Adobe Systems Incorporated)
    Task: {6E00464F-41BC-4880-A8DD-FCDEB99C1022} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2015-02-08] (Microsoft Corporation)
    Task: {79B34201-A62A-47B6-A258-5FF0A398990A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {876DB197-CAC1-4365-B483-46E4F34C073E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
    Task: {8B936048-9BC0-4EFB-B7D2-53D2F4A90ADC} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-03-31] (TechSmith Corporation)
    Task: {A0459977-33F3-4E0E-8396-DCD96DC1B94E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
    Task: {AB848DC0-BA68-48DE-9274-E18DC5F50F72} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-12] (COMODO)
    Task: {ADA39BA3-6806-441A-A59C-DB1A83CC1869} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-12] (COMODO)
    Task: {BD797F8E-1326-41E3-811A-3310E17F39AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-09-02 21:51 - 2014-09-02 21:51 - 00537600 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll
    2011-09-05 17:11 - 2011-09-05 17:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
    2013-04-15 19:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2015-02-26 18:24 - 2015-02-26 18:24 - 00240680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2012-10-01 22:36 - 2012-10-01 22:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00098824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00031240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00017416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00088584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 01296392 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00060936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00107528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00075784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00030216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00068104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00158216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00275976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00072200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00139784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00037384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00297512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00743976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00472616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00193032 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00255496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00243344 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00163914 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libssh2.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00145928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00076808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00207880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00024584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00020488 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00032264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00034824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00064008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00022536 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00115720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00194056 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00037896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00019976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00043016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00096776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00353800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00027144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00137224 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00146952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00050184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00061960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00089608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00056328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00223752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2010-11-22 15:26 - 2010-11-22 15:26 - 00047880 _____ () C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
    2013-01-10 15:43 - 2013-01-10 15:43 - 00014360 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
    2015-08-30 09:44 - 2015-08-30 09:44 - 00158720 _____ () C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
    2015-02-09 00:59 - 2015-08-30 09:44 - 00192512 _____ () C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
     
  5. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    ***SECOND PART OF ADDITIONAL***


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Program Files (x86)\JumplistLauncher.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\Ckconfig.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\Ckrfresh.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\lsb_un20.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\MASetupCaller.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\MusiccityDownload.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\Setup_ck.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AdobePDF.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AdobePDFUI.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\BootMan.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\BtwRSupportService.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Ckldrv.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Crypserv.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\CsrSecCoins.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\CX64APO.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPA64F3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPD64AF3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPO64AF3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DDPP64AF3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ep0icd3.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\EuEpmGdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\E_YD4BNFE.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\E_YLMBNFE.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\hpinkcoiB111.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\hpinkinsB111.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\hpinkstsB111LM.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ICEsoundAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkcfg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkcnv4.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkcnv5.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkcoin.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkcoms.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkdrs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkg.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkih.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\lxbkvs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\M-AudioTaskBarIcon.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO6064.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mv91xxm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\NAHIMICAPOlfx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\NahimicAPONSControl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvdispco6434144.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvdispgenco6434144.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvnusbaudio_coinst.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RltkAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rtscan.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRCOM.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRCOM64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRRPTR64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\VBoxNetFltNobj.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01009.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wiafbdrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\WSDScDrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\YamahaAE.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ApowersoftScreenCapturing.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ApowersoftScreenCapturingFilter.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ApowersoftVideoMixerFilter.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\BootMan.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dgderapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\drvc.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\epmntdrv.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\EuEpmGdi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\EuGdiDrv.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lxbkcfg.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lxbkcoms.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lxbkih.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\lxbkppls.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MASetupCleaner.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MFC71ESP.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\muzapp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\Olepau32.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\pncrt.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\Redemption.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\RltkAPO.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\setupempdrv03.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\SRCOM.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\swscale-lav-2.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\TAKDSDecoder.ax:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\Apowersoft_AudioDevice.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\bcbtums.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\bthav.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\btwampfl.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\csrbc.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\csrusbfilter.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\eksmidi.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\jraid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\MAudioProKeysSono.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\MAudioProKeysSono_DFU.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mv91cons.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mvs91xx.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mvxxmm.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvnusbaudio.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\phylock.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\rsdrvx64.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\rspLLL64.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\Rt630x64.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tap-tb-0901.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tosporte.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbnp.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tosrfcom.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\Tosrfhid.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tosrfnds.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\TosRfSnd.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tosrfusb.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetFlt.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSB.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\WSDScan.sys:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Cookies:RxhZ9woyaG2Kyu070E6ze
    AlternateDataStreams: C:\Users\Administrator\Local Settings:rJ4j1Rw0zYvQPSIMvmMh
    AlternateDataStreams: C:\Users\Administrator\Desktop\Num_2._Art_4._Diane_Fromage.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Desktop\Run Explorer as System.bat:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\11760405_10153030110535679_1542847361_o.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\adwcleaner_4.207.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Andy_Android_Emulator_v44_10.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\B00TFORUM8.htm:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\ChromeSetup.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\epson378919eu.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\epson513359eu.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\epson513359eu.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\ercclptn-unplgged2013.rar.part:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(1).gp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(2).gp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp4:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp5:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(1).pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(2).pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente(2).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\FicheroCliente.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Flash_tool_for_Xperia_6.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\gapa.zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\gapa.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\HojaDeFirmas.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\HojaDeFirmas.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\interim-101-guidance-12-2014.PDF:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\JBL_CHARGE_2.7z:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0(1):$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_0(1):$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Movimiento_2:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\NPE.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\phylock_ifw2.zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\phylock_ifw2.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Pink-Tambourine.rar:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Pink-Tambourine.rar:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Pro027.xlsx:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\QQ截图20150707110501.png:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\SkypeSetup.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\SkypeWebPlugin.msi:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\SkypeWebPlugin.msi:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo by ahjteam EXAMPLE.midi:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo by ahjteam README.rtf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo by ahjteam.tci:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\test-ramp-1.jpg:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\third_year_progress_report_locked_2.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\UniversalAdbDriver.zip:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\UniversalAdbDriver.zip:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\[kat.cr]microsoft.windows.10.home.and.pro.x64.clean.iso.torrent:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance(1).torrent:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance.torrent:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\Downloads\[kat.cr]va.damn.presents.the.mash.ups.2007.dance.torrent:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\Downloads\[kat.cr]va.high.voltage.mash.ups.2009.dubinferno.torrent:$CmdZnID
    AlternateDataStreams: C:\Users\Administrator\AppData\Local:rJ4j1Rw0zYvQPSIMvmMh
    AlternateDataStreams: C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part:$CmdTcID
    AlternateDataStreams: C:\Users\Administrator\AppData\Local\Application Data:rJ4j1Rw0zYvQPSIMvmMh
    AlternateDataStreams: C:\Users\Administrator\AppData\Local\Temporary Internet Files:VQdFEeXtwm6V30vPb6pxouFFoY
    AlternateDataStreams: C:\ProgramData\Microsoft:6TyF1Wzu89Wq7FSv4wFIEAerA
    AlternateDataStreams: C:\ProgramData\Microsoft:HPxbQxmU4gcmqOIYe1Zp3do4EiB
    AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE
    AlternateDataStreams: C:\ProgramData\TEMP:535FBEA2
    AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
    AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C
    AlternateDataStreams: C:\ProgramData\TEMP:CF08C48A
    AlternateDataStreams: C:\ProgramData\TEMP:DDCCB2FA
    AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA
    AlternateDataStreams: C:\Users\dale\OneDrive:ms-properties
     
  6. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    ***THIRD PART OF ADDITIONAL ***

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2273160904-4274275969-784373220-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    mpsdrv Firewall Service is not running.
    MpsSvc Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: NvNetworkService => 3
    MSCONFIG\Services: NvStreamSvc => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Stereo Service => 3
    MSCONFIG\Services: TeamViewer => 3
    MSCONFIG\Services: TuneUp.UtilitiesSvc => 3
    HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run: => "lxbkbmgr.exe"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "M-Audio Taskbar Icon"
    HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
    HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
    HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
    HKLM\...\StartupApproved\Run: => "vksts"
    HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
    HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
    HKLM\...\StartupApproved\Run: => "TrayApplication"
    HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => ""
    HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
    HKLM\...\StartupApproved\Run32: => "DivXUpdate"
    HKLM\...\StartupApproved\Run32: => "Andy"
    HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "speedfan.exe - Shortcut.lnk"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "Core Temp.lnk"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps Update"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesAirMessage"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "JumplistWatcher"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "TunnelBear"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Gamma Panel executable"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Embtion"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => ""
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{2783EB04-052E-4EE9-A29A-E7483E67E5A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{AFEFDFB0-96A7-4F22-B04E-1F5B32D2ECEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{BB857866-C605-4D99-B8A7-D429BF3FFE9D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{3AAB0A6E-8633-40BE-9CE3-BFEABF561371}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{92AC6E3A-022D-462E-A4CD-CEE2D29497E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{DD657591-C16D-46FB-B66B-515E384E577E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4AD873A6-E094-4FB6-924D-EAB11B3FD0A4}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{2B4572F5-7D98-4AC1-8E08-F189EF61B055}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{6B121315-D6E3-4BF0-B7E6-E89FE9E7FD06}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{B1677CDD-F448-4280-B537-A630A4C7B902}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{2D92E39D-E942-4BB6-A452-053239D5FAB8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{071EBA47-B5B0-464C-9000-603129FD4ED9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{2FD3DE22-6802-460E-8435-333FF067CE04}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{2AE87BD6-B282-44D1-AC90-ED6FB717BC16}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{C1A96054-23C3-4B1A-A9BF-7520F4BB7F9A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{A106BA46-F08D-436B-87AB-45E6F5BDEE95}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{E0214837-48B4-41EB-8C0B-DE2D2B0A3832}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{39037797-C465-4832-9037-EDDF4C9DC3D4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{005841C4-B1CA-4065-879C-BD848B8714D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{1EC951D6-9F1D-43F4-BEC8-AB637508BE46}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{B5F4C02A-497F-4710-AC65-0EB1DE15435C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{AD96584F-67AC-4F82-9BBE-AD5C0E6E61A6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{2F4ACAA2-9C79-4F78-8591-9A42FEB5E507}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{1DDDFB35-984E-4D04-BB81-A3F834FC965D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{B9DAF5DF-E6FE-4999-A521-094A1F6AAA4B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{10947210-F4B5-4040-826D-D6317AF7CB46}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{CCDF3E5D-873C-4A95-8E16-E4F8915FB36C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    FirewallRules: [{B47FB92A-9D42-4C41-A953-3DDB8071316A}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{7DD3B35C-6EFF-4A5D-8832-980DA8E1411A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{CB635AB7-168B-418D-B5B7-995972C7EFDF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{1EF2B9E8-7AC1-4BCA-A986-B69047FC9B89}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
    FirewallRules: [{3860C4B0-E795-4F41-ACC2-E3FB090BA3FD}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
    FirewallRules: [{0C752913-45A1-4039-817C-6060C2C89110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{5141F975-0650-4626-A23C-7522CE51BDFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{033BF356-B984-4958-B584-91A1372E18B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{0E3DBB5D-9AA8-4CD1-BF00-A5BCE1C1FE55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Faulty Device Manager Devices =============

    Name: EKS XP-Series MIDI Driver
    Description: EKS XP-Series MIDI Driver
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: EKS
    Service: eksmidi
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/30/2015 09:54:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 30.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: bd4

    Start Time: 01d0e2f8c9512884

    Termination Time: 4294967295

    Application Path: C:\Users\Administrator\Downloads\FRST64.exe

    Report Id: 43a95df0-4eec-11e5-82e0-001d0975e885

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/30/2015 09:45:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:45:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:36:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:36:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007232B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3766

    Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3766

    Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1641

    Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1641


    System errors:
    =============
    Error: (08/30/2015 09:39:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/30/2015 03:40:03 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (08/30/2015 03:29:50 AM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (08/30/2015 03:29:20 AM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (08/30/2015 02:58:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (08/30/2015 01:25:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CPMService service.

    Error: (08/30/2015 01:01:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (08/30/2015 12:59:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (08/30/2015 12:59:53 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 00:44:33 on 30/08/2015 was unexpected.

    Error: (08/30/2015 12:46:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.


    Microsoft Office:
    =========================
    Error: (08/30/2015 09:54:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FRST64.exe30.8.2015.0bd401d0e2f8c95128844294967295C:\Users\Administrator\Downloads\FRST64.exe43a95df0-4eec-11e5-82e0-001d0975e885

    Error: (08/30/2015 09:45:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:45:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:36:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:36:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: hr=0x8007232BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3766

    Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3766

    Error: (08/30/2015 09:27:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1641

    Error: (08/30/2015 09:27:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1641


    CodeIntegrity:
    ===================================
    Date: 2015-02-13 03:53:54.797
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 03:05:40.455
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 02:53:10.726
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 02:47:49.353
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 02:43:24.057
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 02:25:55.367
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 02:09:56.777
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 01:51:28.991
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 01:28:52.421
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-13 01:12:35.516
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
    Percentage of memory in use: 55%
    Total physical RAM: 3317.17 MB
    Available physical RAM: 1477.73 MB
    Total Virtual: 5173.17 MB
    Available Virtual: 3066.73 MB

    ==================== Drives ================================

    Drive c: (Windows 8.1) (Fixed) (Total:232.88 GB) (Free:62.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA270E9A)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Uninstall the following unwanted programs:

    Ace Stream Media
    YTD Video Downloader


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Reopened.
     
  9. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    OK, scans done.

    Adware Cleaner log:

    # AdwCleaner v5.008 - Logfile created 26/09/2015 at 14:59:06
    # Updated 18/09/2015 by Xplode
    # Database : 2015-09-23.1 [Server]
    # Operating system : Windows 8.1 Pro (x64)
    # Username : Administrator - DALES-PC
    # Running from : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY\adwcleaner_5.008(1).exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [x] Folder Not Deleted : C:\ProgramData\Allmyapps
    [-] Folder Deleted : C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
    [-] Folder Deleted : C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
    [-] Folder Deleted : C:\ProgramData\{2E9C94ED-C152-4D5D-8E21-AAE23373844C}
    [-] Folder Deleted : C:\ProgramData\{B2C6E14C-4505-4C8C-A718-746AEC51B32B}
    [-] Folder Deleted : C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
    [x] Folder Not Deleted : C:\Users\Administrator\AppData\Roaming\Allmyapps

    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1310 bytes] ##########

    Malwarebytes Log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 26/09/2015
    Scan Time: 03:28
    Logfile: MWB Scan.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.26.01
    Rootkit Database: v2015.09.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 447365
    Time Elapsed: 39 min, 47 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.Amonetize, C:\Users\Administrator\AppData\Local\2032, Quarantined, [fa7f53e198f3be784836d2631be87a86],

    Files: 3
    PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-2273160904-4274275969-784373220-500\$R0KZZNE.exe, Quarantined, [fc7d36febccf41f5fdf43f9ddb26c63a],
    PUP.Optional.Amonetize, C:\Users\Administrator\AppData\Local\2032\status.cfg, Quarantined, [fa7f53e198f3be784836d2631be87a86],
    PUP.Optional.Amonetize, C:\Users\Administrator\AppData\Local\2032\Updater.xml, Quarantined, [fa7f53e198f3be784836d2631be87a86],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    RogueKiller Log:

    RogueKiller V10.10.6.0 (x64) [Sep 21 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 09/26/2015 03:08:20

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9250410AS ATA Device +++++
    --- User ---
    [MBR] 486698ea1b1cbfef0aad532be991f28e
    [BSP] f45cd0380af1b9b8b98c157a086c2085 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: TDK LoR TF10 USB Device +++++
    --- User ---
    [MBR] c0236c9873b9c6baf5511eb22ab04dae
    [BSP] bba77e2ae928bf9504918bb948070ce3 : Unknown|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 7380 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    JRT Log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.3 (09.21.2015:1)
    OS: Windows 8.1 Pro x64
    Ran by Administrator on 26/09/2015 at 15:51:36.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\ai_recyclebin
    Successfully deleted: [Folder] C:\ProgramData\allmyapps
    Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014
    Successfully deleted: [Folder] C:\Users\Administrator\Appdata\Local\crashrpt
    Successfully deleted: [Folder] C:\Users\Administrator\Appdata\LocalLow\.acestream
    Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\.acestream
    Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\allmyapps



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\extensions\firefox1@myibay.com.xpi
    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\extensions\undoclosedtabsbutton@supernova00.biz.xpi
    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
    Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\ulpdv8g8.default\minidumps [56 files]



    ~~~ Chrome


    [C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 26/09/2015 at 16:44:40.48
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Browser is still being redirected. Only happens on Firefox. Happens on 50% of the links I click on in Google, I'd say.

    For example, the following redirects have happened since doing all the above scans:

    1) Intended page, via Google:
    http://www.elephonemobile.com/collections/pre-order/products/elephone-vowney?variant=1681582467

    Redirected to:

    http://voxfind.com/?category=Web&st=dr&ic=&q=windows

    2) Intended page, (via Google)

    Redirected first to: http://filter.adventurefeeds.com/filter?q=skype+download&I=JbqAXFjCC6I_6&t=1351381051

    ...then immediately automatically redirected (so kind of a double redirect) to...

    http://track.youniversalmedia.com/o...vd25sb2FkIjtzOjg6InJlZGlyZWN0IjtzOjI6ImpzIjt9

    Other example pages redirected to:

    http://www.movistar-ofertas.es/fusi...urce=dm88&partnerid=75afa20804280b0cc559089f6

    http://es.strawberrynet.com/cologne...men-extreme-eau-de/103010/?trackid=7083500002
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  12. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Done:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by Administrator (administrator) on DALES-PC (27-09-2015 03:31:38)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    () C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
    (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
    (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    ( ) C:\Windows\System32\lxbkcoms.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2015-02-15] (Realtek Semiconductor)
    HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400720 2013-10-31] (Seagate)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-02-08] (IvoSoft)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-07-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2015-02-15] (Avid Technology, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
    HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6418376 2013-10-31] (Seagate)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105184 2013-01-10] (Acronis)
    HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2015-02-17] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-08] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-02-08] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2015-02-08] ()
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2015-02-17] ()
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-05-05] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2015-05-19] (ABBYY Production LLC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-09-16] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-09-26] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2015-09-26] (Adobe Systems Inc.)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [506728 2015-02-08] (Outertech)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-05-05] (Samsung)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [JumplistWatcher] => C:\Program Files (x86)\JumplistExtender\T7EBackground.exe [622592 2015-02-08] (Marco Zafra)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2588608 2015-04-25] (TunnelBear)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-05] (Spotify Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-05] (Spotify Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-225 Series"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\MountPoints2: {89bb100f-c06a-11e4-8293-001a7d0abf05} - "E:\Autoplay.exe" -auto
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk [2015-02-08]
    ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe (No File)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk [2015-02-13]
    ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default
    FF NewTab: www.google.co.uk
    FF DefaultSearchEngine: Google UK
    FF SelectedSearchEngine: Google UK
    FF Homepage: www.google.co.uk
    FF NetworkProxy: "ftp", "180.183.105.55"
    FF NetworkProxy: "ftp_port", 3128
    FF NetworkProxy: "socks", "180.183.105.55"
    FF NetworkProxy: "socks_port", 3128
    FF NetworkProxy: "ssl", "180.183.105.55"
    FF NetworkProxy: "ssl_port", 3128
    FF NetworkProxy: "type", 0
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-06] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-06] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin64 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\searchplugins\google-maps-uk.xml [2015-09-11]
    FF Extension: Xmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\foxmarks@kei.com [2015-05-15]
    FF Extension: Print pages to PDF - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
    FF Extension: EPUBReader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
    FF Extension: System.Security.Cryptography.CryptographicException - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7F7A4577-8FC3-141E-DD31-1321B4A6F2FC} [2015-06-25]
    FF Extension: Flash and Video Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-09-21]
    FF Extension: Default Full Zoom Level - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-05-29]
    FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-05]
    FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ALone-live@ya.ru.xpi [2015-02-08]
    FF Extension: Add to Amazon Wish List Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\amznUWL2@amazon.com.xpi [2015-02-08]
    FF Extension: DownThemAll! AntiContainer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\anticontainer@downthemall.net.xpi [2015-02-08]
    FF Extension: Bookmark Favicon Changer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2015-02-08]
    FF Extension: Color Transform - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\colortransform@pjs.nl.xpi [2015-02-08]
    FF Extension: Colour That Site! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ColourThatSite@einspeiser.de.xpi [2015-04-07]
    FF Extension: Media Hint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox@mediahint.com.xpi [2015-03-21]
    FF Extension: Email This! Bookmarklet Extension - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\gmailthis@lazyrussian.com.xpi [2015-06-04]
    FF Extension: savetexttofile - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-02-08]
    FF Extension: YouTube mp3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-14]
    FF Extension: One Click Proxy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-05-12]
    FF Extension: Lazarus: Form Recovery - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lazarus@interclue.com.xpi [2015-02-13]
    FF Extension: Live Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lonely@hamzeen.xpi [2015-05-12]
    FF Extension: MD5 Reborned Hasher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\md5rehasher@phoneixs.es.xpi [2015-05-12]
    FF Extension: Multifox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multifox@hultmann.xpi [2015-02-08]
    FF Extension: Multiple Tab Handler - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2015-05-09]
    FF Extension: NoSquint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\nosquint@urandom.ca.xpi [2015-02-08]
    FF Extension: Print Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printedit@DW-dev.xpi [2015-02-08]
    FF Extension: MetisMe - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\product@metisme.com.xpi [2015-02-08]
    FF Extension: Restart - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\Restart@schuzak.jp.xpi [2015-02-13]
    FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\roomy_bookmarks_toolbar-1.4.4-sm.xpi [2015-02-08]
    FF Extension: Screen Draw - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\screendraw@grizzlyape.com.xpi [2015-05-12]
    FF Extension: Auto-Sort Bookmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-08]
    FF Extension: Status-4-Evar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\status4evar@caligonstudios.com.xpi [2015-02-08]
    FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\stoptube@kashiif.com.xpi [2015-02-08]
    FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\translator@zoli.bod.xpi [2015-02-08]
    FF Extension: Resurrect Pages - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-02-08]
    FF Extension: Session Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-08]
    FF Extension: FlashGot - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-29]
    FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2015-02-08]
    FF Extension: uBlock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-18]
    FF Extension: CacheViewer Continued - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2015-02-08]
    FF Extension: PDF Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2015-02-08]
    FF Extension: Download Videos From YouTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{3ED8ADFD-E755-4aea-986B-A3828315DB53}.xpi [2015-06-22]
    FF Extension: Text Link - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-02-08]
    FF Extension: Mozilla Archive Format - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-02-08]
    FF Extension: Search by Image for Google - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-02-08]
    FF Extension: Password Exporter - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-02-08]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-06-22]
    FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-08]
    FF Extension: Internote - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi [2015-02-08]
    FF Extension: Greasemonkey - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
    FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-02-08]
    FF Extension: UnMHT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-07-08]
    FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\colortransform@pjs.nl.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\ColourThatSite@einspeiser.de.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\info@youtube-mp3.org.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\multifox@hultmann.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\sortbookmarks@bouanto.xpi [2015-09-27]
    FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\stoptube@kashiif.com.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-09-27]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-26]

    Chrome:
    =======
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
    CHR Extension: (Media Hint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2015-09-07]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
    CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-09-20]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-09-07]
    CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
    CHR HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
     
  13. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-02-18] (Broadcom Corporation.)
    S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-26] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-25] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
    R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
    R2 Crypkey License; C:\Windows\SYSTEM32\crypserv.exe [122880 2015-02-20] (CrypKey (Canada) Ltd.) [File not signed]
    S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-02] (Disc Soft Ltd)
    S3 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2015-03-09] (Ryan Conrad) [File not signed]
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2015-02-26] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-07-06] (NVIDIA Corporation)
    R2 lxbk_device; C:\WINDOWS\system32\lxbkcoms.exe [565928 2015-09-23] ( )
    R2 lxbk_device; C:\WINDOWS\SysWOW64\lxbkcoms.exe [537256 2015-09-23] ( )
    S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-09-01] (Malwarebytes Corporation)
    S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-07-06] (NVIDIA Corporation)
    S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-07-06] (NVIDIA Corporation)
    S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-02-08] (TeamViewer GmbH)
    S3 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-03-31] (TechSmith Corporation) [File not signed]
    S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2015-09-26] (TuneUp Software)
    S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34752 2015-04-25] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2015-02-08] (Wondershare)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-18] (Broadcom Corporation.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation)
    S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2015-02-15] (CSR, plc)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
    S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2015-02-18] (Cambridge Silicon Radio Limited)
    R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows (R) Win 7 DDK provider)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 eksmidi; C:\Windows\system32\drivers\eksmidi.sys [101472 2015-02-09] (EKS)
    R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2015-02-08] (EldoS Corporation)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
    S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2015-02-17] ()
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2015-02-26] ()
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
    S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2015-02-17] ()
    R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
    S3 MADFUPROKEYSSONO; C:\Windows\System32\drivers\MAudioProKeysSono_DFU.sys [46088 2015-02-15] (M-Audio)
    S3 MAUSBPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono.sys [187912 2015-02-15] (Avid Technology, Inc.)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-09-01] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-09-01] (Malwarebytes Corporation)
    R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2015-02-20] ()
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-15] (NVIDIA Corporation)
    S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2015-02-08] (PassMark Software)
    R0 phylock; C:\Windows\System32\drivers\phylock.sys [34864 2015-07-26] (TeraByte, Inc.)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2015-02-18] (Resplendence Software Projects Sp.)
    R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-02-22] (The OpenVPN Project)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-08] (Acronis International GmbH)
    S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-08] (Acronis)
    S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2015-02-13] (TOSHIBA Corporation) [File not signed]
    S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-23] (Oracle Corporation)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [130848 2015-02-08] (Acronis International GmbH)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-16] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2015-01-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 03:30 - 2015-09-27 03:30 - 02192384 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2015-09-26 20:17 - 2015-09-26 20:17 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
    2015-09-26 20:17 - 2015-09-26 20:17 - 00002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
    2015-09-26 20:08 - 2015-09-26 20:09 - 00000747 _____ C:\WINDOWS\KB893803v2.log
    2015-09-26 16:44 - 2015-09-26 16:44 - 00002900 _____ C:\Users\Administrator\Desktop\JRT.txt
    2015-09-26 15:27 - 2015-09-26 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
    2015-09-26 15:22 - 2015-09-26 15:22 - 00003820 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater
    2015-09-26 15:19 - 2015-09-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-09-26 15:03 - 2015-09-26 15:03 - 00001389 _____ C:\Users\Administrator\Desktop\AdwCleaner[C3].txt
    2015-09-26 13:28 - 2015-09-26 13:28 - 00002736 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-09-26 13:23 - 2015-09-26 13:23 - 00000000 ____D C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win
    2015-09-26 13:22 - 2015-09-26 13:22 - 11616432 _____ C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe
    2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\Administrator\Downloads\YTDSetup
    2015-09-26 13:17 - 2015-09-26 13:17 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup(1).exe
    2015-09-26 13:16 - 2015-09-26 13:16 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup.exe
    2015-09-26 12:39 - 2015-09-26 12:39 - 00001516 _____ C:\Users\Administrator\Desktop\MWB Scan.txt
    2015-09-26 03:16 - 2015-09-26 03:16 - 00002918 _____ C:\Users\Administrator\Desktop\Rogue killer report rk_42D6.tmp.txt
    2015-09-26 02:09 - 2015-09-26 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2015-09-26 02:06 - 2015-09-26 02:07 - 24702920 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(1).exe
    2015-09-26 01:10 - 2015-09-26 01:10 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
    2015-09-26 01:10 - 2013-12-18 10:01 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
    2015-09-26 01:10 - 2013-12-18 10:01 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
    2015-09-26 01:10 - 2013-12-18 10:01 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll
    2015-09-26 01:09 - 2015-09-26 01:45 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
    2015-09-26 00:57 - 2015-09-26 00:57 - 18801736 _____ C:\Users\Administrator\Downloads\RogueKiller(1).exe
    2015-09-26 00:56 - 2015-09-26 00:57 - 21700168 _____ C:\Users\Administrator\Downloads\RogueKillerX64.exe
    2015-09-25 21:23 - 2015-09-25 21:24 - 00000000 ____D C:\Users\Administrator\Downloads\12337 WS
    2015-09-25 21:06 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Go
    2015-09-25 19:32 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Adv
    2015-09-25 18:47 - 2015-09-25 18:47 - 00311432 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe
    2015-09-25 18:46 - 2015-09-25 18:46 - 00351304 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe
    2015-09-25 18:42 - 2015-09-25 18:42 - 00342184 _____ C:\Users\Administrator\Downloads\JDownloader2Setup.exe
    2015-09-25 18:35 - 2015-09-25 18:39 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part2.rar
    2015-09-25 18:30 - 2015-09-25 18:35 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part1.rar
    2015-09-24 14:10 - 2015-09-24 14:10 - 00042094 _____ C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk
    2015-09-23 04:56 - 2015-09-23 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark X1100 Series
    2015-09-23 04:56 - 2015-09-23 04:56 - 00537256 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcoms.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00385704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkih.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00381608 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcfg.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00180904 _____ ( ) C:\WINDOWS\SysWOW64\lxbkppls.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files\Lexmark X1100 Series
    2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\Lexmark X1100 Series
    2015-09-23 04:56 - 2008-02-19 09:04 - 00001525 _____ C:\WINDOWS\SysWOW64\lxbk.loc
    2015-09-23 04:56 - 2006-11-30 16:02 - 00072192 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkinsr.dll
    2015-09-23 04:56 - 2006-11-30 15:47 - 00177664 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkins.dll
    2015-09-23 04:56 - 2006-11-30 15:47 - 00135168 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkinsb.dll
    2015-09-23 04:56 - 2006-11-30 13:42 - 00458752 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkjswr.dll
    2015-09-23 04:56 - 2006-11-30 13:42 - 00094208 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcur.dll
    2015-09-23 04:56 - 2006-11-30 13:42 - 00086016 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkinsr.dll
    2015-09-23 04:56 - 2006-11-30 13:35 - 00155648 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkinsb.dll
    2015-09-23 04:56 - 2006-11-30 13:35 - 00131072 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkins.dll
    2015-09-23 04:56 - 2006-11-30 13:34 - 00413696 _____ C:\WINDOWS\SysWOW64\lxbkutil.dll
    2015-09-23 04:56 - 2006-11-30 13:34 - 00073728 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcu.dll
    2015-09-23 04:56 - 2006-11-09 20:28 - 00073728 _____ (Lexmark International) C:\WINDOWS\SysWOW64\LXBKcfg.dll
    2015-09-23 04:56 - 2006-11-06 17:32 - 00194048 _____ C:\WINDOWS\system32\LXBKinst.dll
    2015-09-23 04:56 - 2006-11-06 17:05 - 00305152 _____ ( ) C:\WINDOWS\system32\LXBKhcp.dll
    2015-09-23 04:56 - 2006-11-06 16:37 - 00643072 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpmui.dll
    2015-09-23 04:56 - 2006-11-06 16:35 - 01224704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkserv.dll
    2015-09-23 04:56 - 2006-11-06 16:28 - 00421888 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomm.dll
    2015-09-23 04:56 - 2006-11-06 16:26 - 00585728 _____ ( ) C:\WINDOWS\SysWOW64\lxbklmpm.dll
    2015-09-23 04:56 - 2006-11-06 16:25 - 00274432 _____ C:\WINDOWS\SysWOW64\LXBKinst.dll
    2015-09-23 04:56 - 2006-11-06 16:24 - 00397312 _____ ( ) C:\WINDOWS\SysWOW64\lxbkiesc.dll
    2015-09-23 04:56 - 2006-11-06 16:21 - 00094208 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpplc.dll
    2015-09-23 04:56 - 2006-11-06 16:20 - 00684032 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomc.dll
    2015-09-23 04:56 - 2006-11-06 16:20 - 00163840 _____ ( ) C:\WINDOWS\SysWOW64\lxbkprox.dll
    2015-09-23 04:56 - 2006-11-06 16:12 - 00413696 _____ ( ) C:\WINDOWS\SysWOW64\lxbkinpa.dll
    2015-09-23 04:56 - 2006-11-06 16:11 - 00991232 _____ ( ) C:\WINDOWS\SysWOW64\lxbkusb1.dll
    2015-09-23 04:56 - 2006-11-06 16:07 - 00696320 _____ ( ) C:\WINDOWS\SysWOW64\lxbkhbn3.dll
    2015-09-23 04:56 - 2006-09-18 11:23 - 00983101 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lxbkgf.dll
    2015-09-23 04:07 - 2015-09-23 04:48 - 00003190 _____ C:\lxbk.log
    2015-09-23 03:57 - 2015-09-23 03:59 - 1712016608 _____ C:\Users\Administrator\Downloads\Cometrep2015.tiff
    2015-09-23 03:41 - 2015-09-23 03:41 - 38808920 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\FileFormatConverters.exe
    2015-09-22 23:54 - 2015-09-22 23:54 - 01800512 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
    2015-09-22 23:54 - 2015-09-22 23:54 - 01662976 _____ C:\Users\Administrator\Downloads\adwcleaner_5.008.exe
    2015-09-19 01:16 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
    2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
    2015-09-16 22:02 - 2015-09-16 22:02 - 00584288 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
    2015-09-07 04:11 - 2015-09-07 04:11 - 00929360 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup(1).exe
    2015-09-06 00:47 - 2015-09-06 00:47 - 00000000 ____D C:\WINDOWS\Minidump
    2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
    2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2015-09-02 21:31 - 2015-09-27 03:31 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
    2015-09-02 21:27 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Comodo
    2015-09-02 20:46 - 2015-09-02 20:49 - 226558984 _____ (COMODO) C:\Users\Administrator\Downloads\cispremium_installer.exe
    2015-09-02 19:21 - 2015-09-27 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-09-02 00:44 - 2015-09-02 00:44 - 01654272 _____ C:\Users\Administrator\Downloads\adwcleaner_5.005.exe
    2015-09-01 23:01 - 2015-09-01 23:01 - 01057320 _____ C:\Users\Administrator\Desktop\Sept 2015 Complete Config Working.cfgx
    2015-09-01 20:28 - 2015-08-05 02:32 - 00007471 _____ C:\WINDOWS\system32\Drivers\inspect.cat
    2015-09-01 20:09 - 2015-09-01 20:09 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
    2015-09-01 18:18 - 2015-09-01 18:44 - 00127955 _____ C:\zoek-results.log
    2015-09-01 17:55 - 2015-09-01 17:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
    2015-09-01 17:52 - 2015-09-26 02:09 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-09-01 17:52 - 2015-09-01 19:17 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-09-01 17:51 - 2015-09-26 02:09 - 00000000 ____D C:\Program Files\RogueKiller
    2015-09-01 17:51 - 2015-09-01 17:51 - 03824464 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe
    2015-09-01 17:50 - 2015-09-01 17:51 - 24659208 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
    2015-09-01 17:50 - 2015-09-01 17:50 - 00000000 ____D C:\zoek_backup
    2015-09-01 16:05 - 2015-09-01 16:05 - 00000000 ____D C:\Program Files (x86)\JMicron
    2015-09-01 16:04 - 2015-09-01 16:04 - 00000000 ____D C:\WINDOWS\SysWOW64\SDA
    2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\SysWOW64\jmcricon.dll
    2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\jmcricon.dll
    2015-09-01 15:49 - 2015-09-01 15:49 - 00174168 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\Drivers\jmcr.sys
    2015-09-01 15:47 - 2015-09-01 15:48 - 01061384 _____ (Lenovo Group Limited ) C:\Users\Administrator\Downloads\6jx107ww.exe
    2015-09-01 15:46 - 2015-09-01 15:46 - 00826369 _____ C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip
    2015-09-01 06:17 - 2015-09-01 06:17 - 00000000 ____D C:\WINDOWS\pss
    2015-09-01 05:31 - 2015-09-01 05:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe
    2015-09-01 05:31 - 2015-09-01 05:31 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe
    2015-09-01 05:29 - 2015-09-01 05:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
    2015-08-31 18:26 - 2015-08-31 18:26 - 51076312 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.27.exe
    2015-08-31 17:37 - 2015-08-31 16:55 - 00000000 ___DC C:\WINDOWS\Panther
    2015-08-31 17:35 - 2015-08-31 17:35 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\MSBuild
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Hyper-V
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-08-31 17:31 - 2015-08-31 17:31 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-08-31 17:31 - 2015-08-31 17:31 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-08-31 17:31 - 2015-08-31 05:58 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2015-08-31 17:31 - 2015-08-31 05:57 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-08-31 17:31 - 2015-02-08 03:38 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2015-08-31 17:31 - 2015-02-08 03:38 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-31 17:31 - 2015-02-08 03:34 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2015-08-31 17:31 - 2015-02-08 03:33 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-31 17:30 - 2015-08-31 17:30 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
    2015-08-31 16:56 - 2015-08-31 16:56 - 00001453 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-08-31 16:55 - 2015-08-31 16:55 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
    2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
    2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____D C:\Program Files\AuthenTec
    2015-08-31 08:35 - 2015-09-27 00:52 - 01130480 _____ C:\WINDOWS\WindowsUpdate.log
    2015-08-31 08:34 - 2015-08-31 08:34 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2015-08-31 08:08 - 2015-08-31 08:08 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2015-08-31 07:53 - 2015-08-31 08:10 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagwrn.xml
    2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagerr.xml
    2015-08-31 07:50 - 2015-08-31 08:30 - 00000000 ____D C:\Users\dale
    2015-08-31 07:50 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-08-31 07:50 - 2013-08-22 17:36 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-08-31 07:49 - 2015-09-26 14:59 - 00000000 ____D C:\Users\Administrator
    2015-08-31 07:49 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-08-31 07:49 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-08-31 07:40 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
    2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____D C:\Program Files\Realtek
    2015-08-31 06:12 - 2015-08-31 08:34 - 00006604 _____ C:\WINDOWS\comsetup.log
    2015-08-30 09:57 - 2015-08-30 09:58 - 00087701 _____ C:\Users\Administrator\Downloads\Addition.txt
    2015-08-30 09:54 - 2015-09-27 03:31 - 00040027 _____ C:\Users\Administrator\Downloads\FRST.txt
    2015-08-29 23:46 - 2015-08-29 23:46 - 00407813 _____ C:\Users\Administrator\Downloads\B00TFORUM8.htm
    2015-08-29 23:17 - 2015-09-27 03:31 - 00000000 ____D C:\FRST
     
  14. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 03:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-09-27 02:43 - 2015-02-08 16:09 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-27 02:17 - 2015-02-08 16:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
    2015-09-27 01:59 - 2015-02-08 14:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2273160904-4274275969-784373220-500
    2015-09-27 01:40 - 2015-07-28 08:49 - 00000000 ____D C:\Users\Administrator\Desktop\Cayman 2015
    2015-09-27 00:42 - 2013-08-22 16:46 - 00461985 _____ C:\WINDOWS\setupact.log
    2015-09-26 20:45 - 2015-02-18 17:53 - 00022196 _____ C:\WINDOWS\error.log
    2015-09-26 20:45 - 2015-02-08 16:09 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-26 20:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-26 20:45 - 2013-08-22 16:44 - 00538864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-09-26 20:44 - 2015-02-18 17:53 - 00006413 _____ C:\WINDOWS\errord.log
    2015-09-26 20:44 - 2015-02-08 14:12 - 00000012 _____ C:\WINDOWS\CUAppUsage.Dat
    2015-09-26 20:44 - 2014-11-21 09:29 - 00046038 _____ C:\WINDOWS\PFRO.log
    2015-09-26 20:43 - 2015-02-08 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2015-09-26 20:35 - 2015-07-04 00:08 - 00233984 ___SH C:\Users\Administrator\Desktop\Thumbs.db
    2015-09-26 20:24 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OFFICE SOFTWARE
    2015-09-26 20:23 - 2015-02-08 16:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2015-09-26 20:17 - 2012-09-23 20:43 - 00055432 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
    2015-09-26 20:17 - 2012-09-23 20:43 - 00026768 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
    2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\ProgramData\Adobe
    2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-09-26 18:56 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2015-09-26 15:08 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
    2015-09-26 14:59 - 2015-07-06 13:39 - 00000000 ____D C:\AdwCleaner
    2015-09-26 13:28 - 2014-03-25 22:36 - 00000000 ___HD C:\VTRoot
    2015-09-26 12:26 - 2015-06-28 03:59 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-09-26 04:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Web
    2015-09-26 01:35 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-09-26 01:21 - 2015-02-08 16:45 - 00000000 ____D C:\ProgramData\TuneUp Software
    2015-09-26 00:55 - 2015-02-26 16:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mp3tag
    2015-09-26 00:28 - 2014-11-21 09:38 - 01176620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-09-25 21:41 - 2015-02-08 22:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\JDownloader 2.0
    2015-09-25 21:11 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOWNLOADING GENERAL
    2015-09-25 14:49 - 2015-02-08 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
    2015-09-23 05:11 - 2015-07-08 13:30 - 00513536 ___SH C:\Users\Administrator\Downloads\Thumbs.db
    2015-09-23 05:08 - 2015-02-09 02:01 - 00000232 _____ C:\WINDOWS\Lexstat.ini
    2015-09-23 04:57 - 2015-02-09 01:59 - 00003863 _____ C:\WINDOWS\system32\LexFiles.ulf
    2015-09-23 04:56 - 2015-02-09 02:01 - 00233128 _____ ( ) C:\WINDOWS\system32\lxbkih.exe
    2015-09-23 04:56 - 2007-02-28 13:59 - 00358400 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkdrs.dll
    2015-09-23 04:56 - 2005-09-13 16:27 - 00054784 _____ C:\WINDOWS\system32\lxbkcnv4.dll
    2015-09-23 04:55 - 2015-02-09 02:01 - 00565928 _____ ( ) C:\WINDOWS\system32\lxbkcoms.exe
    2015-09-23 04:55 - 2015-02-09 02:01 - 00235688 _____ ( ) C:\WINDOWS\system32\lxbkcfg.exe
    2015-09-23 04:54 - 2015-02-09 02:01 - 01417728 _____ ( ) C:\WINDOWS\system32\lxbkserv.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 01099264 _____ ( ) C:\WINDOWS\system32\lxbkusb1.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00695808 _____ ( ) C:\WINDOWS\system32\lxbkcomc.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00659456 _____ ( ) C:\WINDOWS\system32\lxbkhbn3.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00567808 _____ C:\WINDOWS\system32\lxbkutil.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00487424 _____ ( ) C:\WINDOWS\system32\lxbklmpm.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00443392 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkjswr.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00417792 _____ C:\WINDOWS\system32\lxbkcoin.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00409600 _____ ( ) C:\WINDOWS\system32\lxbkpmui.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00249856 _____ ( ) C:\WINDOWS\system32\lxbkcomm.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00238592 _____ ( ) C:\WINDOWS\system32\lxbkinpa.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00226816 _____ ( ) C:\WINDOWS\system32\lxbkiesc.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00109056 _____ () C:\WINDOWS\system32\lxbkvs.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00079360 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcu.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00077824 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcur.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00062464 _____ (Lexmark International) C:\WINDOWS\system32\lxbkcfg.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00035328 _____ ( ) C:\WINDOWS\system32\lxbkprox.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00010752 _____ ( ) C:\WINDOWS\system32\lxbkpplc.dll
    2015-09-23 04:02 - 2014-11-21 10:12 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiafbdrv.dll
    2015-09-23 04:02 - 2014-11-21 10:12 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
    2015-09-23 04:00 - 2015-02-08 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Audacity
    2015-09-23 03:47 - 2015-04-01 13:09 - 00000000 ____D C:\Users\Administrator\Documents\My PSP Files
    2015-09-23 03:09 - 2015-02-08 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
    2015-09-23 03:03 - 2015-05-05 20:29 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
    2015-09-23 03:03 - 2015-05-05 20:29 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
    2015-09-23 02:13 - 2013-08-22 16:46 - 00001571 _____ C:\WINDOWS\setuperr.log
    2015-09-22 23:19 - 2015-04-17 21:38 - 00000000 ____D C:\Users\Administrator\dwhelper
    2015-09-22 23:03 - 2015-02-11 04:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
    2015-09-17 00:20 - 2015-02-08 16:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2015-09-16 22:28 - 2015-04-24 13:05 - 00000000 ____D C:\ProgramData\Oracle
    2015-09-16 22:07 - 2015-04-24 13:04 - 00000000 ____D C:\Program Files (x86)\Java
    2015-09-16 22:06 - 2015-04-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-09-16 22:04 - 2015-04-24 13:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-09-16 09:38 - 2015-02-08 16:09 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-09-16 09:38 - 2015-02-08 16:09 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-09-15 07:06 - 2015-02-08 15:31 - 00003112 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500
    2015-09-15 07:06 - 2015-02-08 15:31 - 00000000 ___RD C:\Users\Administrator\OneDrive
    2015-09-09 20:48 - 2015-04-11 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-09-07 17:48 - 2015-02-08 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-09-06 00:47 - 2015-07-11 23:52 - 00095744 ____N C:\WINDOWS\Minidump\090615-25765-01.dmp
    2015-09-03 13:52 - 2015-08-05 01:29 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
    2015-09-03 13:52 - 2015-08-05 01:29 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
    2015-09-02 21:31 - 2015-02-08 13:25 - 00000000 ____D C:\Program Files\COMODO
    2015-09-01 21:36 - 2011-05-18 08:08 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
    2015-09-01 21:35 - 2015-05-21 00:10 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97itp.dll
    2015-09-01 21:34 - 2015-05-21 00:07 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97ip.dll
    2015-09-01 06:45 - 2015-02-08 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-09-01 06:24 - 2015-02-09 19:04 - 00164034 _____ C:\WINDOWS\DPINST.LOG
    2015-09-01 05:34 - 2015-06-28 03:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-09-01 05:33 - 2015-06-28 03:59 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-09-01 05:33 - 2015-06-28 03:59 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-09-01 05:33 - 2015-06-28 03:59 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-08-31 18:27 - 2015-02-08 05:13 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-31 17:36 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-08-31 17:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
    2015-08-31 17:32 - 2013-08-22 12:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
    2015-08-31 17:32 - 2013-08-22 10:25 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
    2015-08-31 17:32 - 2013-08-22 09:35 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
    2015-08-31 17:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-08-31 16:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-08-31 16:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2015-08-31 09:38 - 2015-07-17 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-08-31 08:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-08-31 08:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
    2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
    2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
    2015-08-31 08:11 - 2015-06-25 00:40 - 00000000 ____D C:\WINDOWS\system32\RightClickFiles
    2015-08-31 08:11 - 2014-11-21 09:18 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-08-31 08:10 - 2015-07-31 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSR BlueSuite 2.5.0
    2015-08-31 08:10 - 2015-07-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-08-31 08:10 - 2015-07-10 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-08-31 08:10 - 2015-07-09 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
    2015-08-31 08:10 - 2015-07-06 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-08-31 08:10 - 2015-07-06 01:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
    2015-08-31 08:10 - 2015-07-06 01:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Droid Explorer
    2015-08-31 08:10 - 2015-07-04 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-08-31 08:10 - 2015-07-04 15:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
    2015-08-31 08:10 - 2015-06-28 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hit'n'Mix
    2015-08-31 08:10 - 2015-05-27 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkAdapted
    2015-08-31 08:10 - 2015-05-19 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
    2015-08-31 08:10 - 2015-04-30 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
    2015-08-31 08:10 - 2015-04-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
    2015-08-31 08:10 - 2015-04-06 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012
    2015-08-31 08:10 - 2015-04-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
    2015-08-31 08:10 - 2015-03-31 12:31 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
    2015-08-31 08:10 - 2015-03-14 19:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
    2015-08-31 08:10 - 2015-03-01 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chainer
    2015-08-31 08:10 - 2015-02-26 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Advanced Server 7.5
    2015-08-31 08:10 - 2015-02-24 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery Professional
    2015-08-31 08:10 - 2015-02-08 22:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BROWSING
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYSTEM INTERNALS
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PERFORMANCE & OVERCLOCKING
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTHER
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO
    2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO
    2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC DOWNLOADING
    2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANDROID
    2015-08-31 08:08 - 2013-08-22 17:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
    2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
    2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
    2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\system32\WCN
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
    2015-08-31 08:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2015-08-31 08:06 - 2015-02-13 05:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2015-08-31 08:05 - 2015-07-25 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited
    2015-08-31 08:05 - 2015-07-25 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2015-08-31 08:05 - 2015-07-01 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction
    2015-08-31 08:05 - 2015-06-24 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILE
    2015-08-31 08:05 - 2015-06-20 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
    2015-08-31 08:05 - 2015-05-18 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    2015-08-31 08:05 - 2015-03-21 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHint
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WINDOWS CUSTOMISATION
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTUALISATION
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO DOWNLOADING
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYNCHRONISATION
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC SOFTWARE
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE MANAGEMENT
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEVICE DRIVERS AND SUITES
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLOUD
    2015-08-31 08:05 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\InputMethod
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell
    2015-08-31 08:04 - 2015-02-09 01:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-08-31 07:53 - 2015-02-08 05:15 - 00000000 ____D C:\Users\dale\AppData\Local\Packages
    2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
    2015-08-31 07:52 - 2015-06-29 18:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio
    2015-08-31 07:52 - 2015-06-27 01:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Front
    2015-08-31 07:52 - 2015-02-09 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STREAMING
    2015-08-31 07:52 - 2015-02-09 00:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINGUISTICS
    2015-08-31 07:52 - 2015-02-09 00:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETWORKING AND TOOLS
    2015-08-31 07:52 - 2015-02-08 22:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOCUMENT CONVERSION
    2015-08-31 07:52 - 2015-02-08 22:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WINDOWS INTERACTION
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB BROWSING
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDIA PLAYERS
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUSIC MANAGEMENT
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INSTALLATION MANAGEMENT
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD TOOLS
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GRAPHIC DESIGN
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CODING
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BACKUP
    2015-08-31 07:52 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2015-08-31 07:43 - 2014-03-18 08:25 - 00000000 __SHD C:\Recovery
    2015-08-31 07:43 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-08-31 06:27 - 2015-02-08 05:14 - 01709067 _____ C:\WINDOWS\WindowsUpdate (1).log
    2015-08-31 06:22 - 2014-03-18 09:21 - 00008192 __RSH C:\BOOTSECT.BAK
    2015-08-31 02:01 - 2015-07-31 11:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
    2015-08-31 02:01 - 2015-07-31 11:50 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
    2015-08-31 01:12 - 2015-02-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-08-31 00:58 - 2015-04-01 13:11 - 00000000 ____D C:\ProgramData\InstallShield
    2015-08-31 00:57 - 2015-08-05 22:33 - 00000000 ____D C:\Program Files\Common Files\EPSON
    2015-08-31 00:57 - 2015-08-05 22:27 - 00000000 ____D C:\ProgramData\EPSON
    2015-08-31 00:56 - 2014-03-18 03:24 - 00000000 __RHD C:\MSOCache
    2015-08-30 09:55 - 2015-07-08 21:32 - 00014046 _____ C:\Users\Administrator\Desktop\hijackthis.log
    2015-08-29 22:09 - 2015-08-14 17:55 - 00000000 ____D C:\Program Files (x86)\EPSON
    2015-08-29 22:03 - 2015-08-14 17:51 - 00000000 ____D C:\Program Files (x86)\EPSON Software

    ==================== Files in the root of some directories =======

    2015-02-13 17:09 - 2015-02-13 17:19 - 1289216 _____ () C:\Program Files (x86)\JumplistLauncher.exe
    2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
    2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
    2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
    2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
    2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
    2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
    2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
    2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
    2015-08-31 07:40 - 2015-08-31 07:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (09/26/2015 07:52:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


    System errors:
    =============
    Error: (09/27/2015 12:05:06 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (09/26/2015 08:46:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (09/26/2015 08:45:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (09/26/2015 07:51:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (09/26/2015 07:50:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (09/26/2015 05:56:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (09/26/2015 05:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (09/26/2015 04:49:47 PM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (09/26/2015 04:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (09/26/2015 04:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-09-27 02:35:39.886
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-27 01:52:17.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 23:32:09.948
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 20:49:28.476
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 19:57:14.380
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 18:06:48.740
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 17:59:16.302
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 16:53:39.802
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 16:19:41.017
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 15:43:30.298
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
    Percentage of memory in use: 59%
    Total physical RAM: 2936.88 MB
    Available physical RAM: 1198.14 MB
    Total Virtual: 5880.88 MB
    Available Virtual: 3313.47 MB

    ==================== Drives ================================

    Drive c: (Windows 8.1) (Fixed) (Total:232.88 GB) (Free:63.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA270E9A)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915 +344

    You mixed FRST.txt and Addition.txt logs.
    Please post complete logs.
     
  16. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Sorry.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by Administrator (administrator) on DALES-PC (27-09-2015 03:31:38)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    () C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
    (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
    (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    ( ) C:\Windows\System32\lxbkcoms.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2015-02-15] (Realtek Semiconductor)
    HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400720 2013-10-31] (Seagate)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-02-08] (IvoSoft)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-07-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2015-02-15] (Avid Technology, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
    HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6418376 2013-10-31] (Seagate)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105184 2013-01-10] (Acronis)
    HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2015-02-17] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-02-08] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2015-02-08] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2015-02-08] ()
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2015-02-17] ()
    HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-05-05] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2015-05-19] (ABBYY Production LLC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-09-16] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2015-09-26] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2015-09-26] (Adobe Systems Inc.)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [506728 2015-02-08] (Outertech)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-05-05] (Samsung)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [JumplistWatcher] => C:\Program Files (x86)\JumplistExtender\T7EBackground.exe [622592 2015-02-08] (Marco Zafra)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [TunnelBear] => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2588608 2015-04-25] (TunnelBear)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-05] (Spotify Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-05] (Spotify Ltd)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-225 Series"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\MountPoints2: {89bb100f-c06a-11e4-8293-001a7d0abf05} - "E:\Autoplay.exe" -auto
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk [2015-02-08]
    ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe (No File)
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk [2015-02-13]
    ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-es/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-11] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default
    FF NewTab: www.google.co.uk
    FF DefaultSearchEngine: Google UK
    FF SelectedSearchEngine: Google UK
    FF Homepage: www.google.co.uk
    FF NetworkProxy: "ftp", "180.183.105.55"
    FF NetworkProxy: "ftp_port", 3128
    FF NetworkProxy: "socks", "180.183.105.55"
    FF NetworkProxy: "socks_port", 3128
    FF NetworkProxy: "ssl", "180.183.105.55"
    FF NetworkProxy: "ssl_port", 3128
    FF NetworkProxy: "type", 0
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-11] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-06] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-06] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-2273160904-4274275969-784373220-500: SkypePlugin64 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\searchplugins\google-maps-uk.xml [2015-09-11]
    FF Extension: Xmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\foxmarks@kei.com [2015-05-15]
    FF Extension: Print pages to PDF - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-31]
    FF Extension: EPUBReader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-31]
    FF Extension: System.Security.Cryptography.CryptographicException - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7F7A4577-8FC3-141E-DD31-1321B4A6F2FC} [2015-06-25]
    FF Extension: Flash and Video Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-09-21]
    FF Extension: Default Full Zoom Level - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2015-05-29]
    FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-05]
    FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ALone-live@ya.ru.xpi [2015-02-08]
    FF Extension: Add to Amazon Wish List Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\amznUWL2@amazon.com.xpi [2015-02-08]
    FF Extension: DownThemAll! AntiContainer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\anticontainer@downthemall.net.xpi [2015-02-08]
    FF Extension: Bookmark Favicon Changer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2015-02-08]
    FF Extension: Color Transform - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\colortransform@pjs.nl.xpi [2015-02-08]
    FF Extension: Colour That Site! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\ColourThatSite@einspeiser.de.xpi [2015-04-07]
    FF Extension: Media Hint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\firefox@mediahint.com.xpi [2015-03-21]
    FF Extension: Email This! Bookmarklet Extension - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\gmailthis@lazyrussian.com.xpi [2015-06-04]
    FF Extension: savetexttofile - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-02-08]
    FF Extension: YouTube mp3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\info@youtube-mp3.org.xpi [2015-05-14]
    FF Extension: One Click Proxy - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-05-12]
    FF Extension: Lazarus: Form Recovery - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lazarus@interclue.com.xpi [2015-02-13]
    FF Extension: Live Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\lonely@hamzeen.xpi [2015-05-12]
    FF Extension: MD5 Reborned Hasher - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\md5rehasher@phoneixs.es.xpi [2015-05-12]
    FF Extension: Multifox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multifox@hultmann.xpi [2015-02-08]
    FF Extension: Multiple Tab Handler - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2015-05-09]
    FF Extension: NoSquint - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\nosquint@urandom.ca.xpi [2015-02-08]
    FF Extension: Print Edit - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\printedit@DW-dev.xpi [2015-02-08]
    FF Extension: MetisMe - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\product@metisme.com.xpi [2015-02-08]
    FF Extension: Restart - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\Restart@schuzak.jp.xpi [2015-02-13]
    FF Extension: Roomy Bookmarks Toolbar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\roomy_bookmarks_toolbar-1.4.4-sm.xpi [2015-02-08]
    FF Extension: Screen Draw - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\screendraw@grizzlyape.com.xpi [2015-05-12]
    FF Extension: Auto-Sort Bookmarks - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\sortbookmarks@bouanto.xpi [2015-02-08]
    FF Extension: Status-4-Evar - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\status4evar@caligonstudios.com.xpi [2015-02-08]
    FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\stoptube@kashiif.com.xpi [2015-02-08]
    FF Extension: Google Translator for Firefox - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\translator@zoli.bod.xpi [2015-02-08]
    FF Extension: Resurrect Pages - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-02-08]
    FF Extension: Session Manager - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-02-08]
    FF Extension: FlashGot - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-29]
    FF Extension: Print/Print Preview - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2015-02-08]
    FF Extension: uBlock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-18]
    FF Extension: CacheViewer Continued - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2015-02-08]
    FF Extension: PDF Download - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2015-02-08]
    FF Extension: Download Videos From YouTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{3ED8ADFD-E755-4aea-986B-A3828315DB53}.xpi [2015-06-22]
    FF Extension: Text Link - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2015-02-08]
    FF Extension: Mozilla Archive Format - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2015-02-08]
    FF Extension: Search by Image for Google - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-02-08]
    FF Extension: Password Exporter - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-02-08]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-06-22]
    FF Extension: DownThemAll! - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-08]
    FF Extension: Internote - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e3631030-7c02-11da-a72b-0800200c9a66}.xpi [2015-02-08]
    FF Extension: Greasemonkey - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-08]
    FF Extension: QuickJava - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-02-08]
    FF Extension: UnMHT - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ulpdv8g8.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-07-08]
    FF Extension: YouTube Flash Video Player - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\colortransform@pjs.nl.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\ColourThatSite@einspeiser.de.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\info@youtube-mp3.org.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\multifox@hultmann.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\sortbookmarks@bouanto.xpi [2015-09-27]
    FF Extension: StopTube - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\stoptube@kashiif.com.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2015-09-27]
    FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mrfu2j53.Redirect test profile\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-09-27]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-26]

    Chrome:
    =======
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
    CHR Extension: (Media Hint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2015-09-07]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
    CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-09-20]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-09-07]
    CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
    CHR HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-02-18] (Broadcom Corporation.)
    S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-26] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-25] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
    R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
    R2 Crypkey License; C:\Windows\SYSTEM32\crypserv.exe [122880 2015-02-20] (CrypKey (Canada) Ltd.) [File not signed]
    S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-03-02] (Disc Soft Ltd)
    S3 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [255488 2015-03-09] (Ryan Conrad) [File not signed]
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37384 2015-02-26] (CHENGDU YIWO Tech Development Co., Ltd)
    S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-07-06] (NVIDIA Corporation)
    R2 lxbk_device; C:\WINDOWS\system32\lxbkcoms.exe [565928 2015-09-23] ( )
    R2 lxbk_device; C:\WINDOWS\SysWOW64\lxbkcoms.exe [537256 2015-09-23] ( )
    S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-09-01] (Malwarebytes Corporation)
    S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-07-06] (NVIDIA Corporation)
    S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-07-06] (NVIDIA Corporation)
    S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-02-08] (TeamViewer GmbH)
    S3 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-03-31] (TechSmith Corporation) [File not signed]
    S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2015-09-26] (TuneUp Software)
    S4 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [34752 2015-04-25] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2015-02-08] (Wondershare)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-02-18] (Broadcom Corporation.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation)
    S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2015-02-15] (CSR, plc)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-11-21] (Microsoft Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
    S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2015-02-18] (Cambridge Silicon Radio Limited)
    R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows (R) Win 7 DDK provider)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 eksmidi; C:\Windows\system32\drivers\eksmidi.sys [101472 2015-02-09] (EKS)
    R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2015-02-08] (EldoS Corporation)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
    S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2015-02-17] ()
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48136 2015-02-26] ()
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
    S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2015-02-17] ()
    R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
    S3 MADFUPROKEYSSONO; C:\Windows\System32\drivers\MAudioProKeysSono_DFU.sys [46088 2015-02-15] (M-Audio)
    S3 MAUSBPROKEYSSONO; C:\Windows\system32\DRIVERS\MAudioProKeysSono.sys [187912 2015-02-15] (Avid Technology, Inc.)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-09-01] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-09-01] (Malwarebytes Corporation)
    R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2015-02-20] ()
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-15] (NVIDIA Corporation)
    S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2015-02-08] (PassMark Software)
    R0 phylock; C:\Windows\System32\drivers\phylock.sys [34864 2015-07-26] (TeraByte, Inc.)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
    S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2015-02-18] (Resplendence Software Projects Sp.)
    R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2015-02-22] (The OpenVPN Project)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-08] (Acronis International GmbH)
    S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-08] (Acronis)
    S3 TosRfSnd; C:\Windows\system32\drivers\tosrfsnd.sys [63488 2015-02-13] (TOSHIBA Corporation) [File not signed]
    S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-23] (Oracle Corporation)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [130848 2015-02-08] (Acronis International GmbH)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-16] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258368 2015-01-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-16] (Microsoft Corporation)
     
  17. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 03:30 - 2015-09-27 03:30 - 02192384 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2015-09-26 20:17 - 2015-09-26 20:17 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
    2015-09-26 20:17 - 2015-09-26 20:17 - 00002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
    2015-09-26 20:08 - 2015-09-26 20:09 - 00000747 _____ C:\WINDOWS\KB893803v2.log
    2015-09-26 16:44 - 2015-09-26 16:44 - 00002900 _____ C:\Users\Administrator\Desktop\JRT.txt
    2015-09-26 15:27 - 2015-09-26 15:27 - 00003292 _____ C:\WINDOWS\System32\Tasks\Restart Snagit
    2015-09-26 15:22 - 2015-09-26 15:22 - 00003820 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater
    2015-09-26 15:19 - 2015-09-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-09-26 15:03 - 2015-09-26 15:03 - 00001389 _____ C:\Users\Administrator\Desktop\AdwCleaner[C3].txt
    2015-09-26 13:28 - 2015-09-26 13:28 - 00002736 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-09-26 13:23 - 2015-09-26 13:23 - 00000000 ____D C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win
    2015-09-26 13:22 - 2015-09-26 13:22 - 11616432 _____ C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe
    2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\Administrator\Downloads\YTDSetup
    2015-09-26 13:17 - 2015-09-26 13:17 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup(1).exe
    2015-09-26 13:16 - 2015-09-26 13:16 - 00113560 _____ (GreenTree Applications SRL) C:\Users\Administrator\Downloads\YTDSetup.exe
    2015-09-26 12:39 - 2015-09-26 12:39 - 00001516 _____ C:\Users\Administrator\Desktop\MWB Scan.txt
    2015-09-26 03:16 - 2015-09-26 03:16 - 00002918 _____ C:\Users\Administrator\Desktop\Rogue killer report rk_42D6.tmp.txt
    2015-09-26 02:09 - 2015-09-26 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2015-09-26 02:06 - 2015-09-26 02:07 - 24702920 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup(1).exe
    2015-09-26 01:10 - 2015-09-26 01:10 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
    2015-09-26 01:10 - 2013-12-18 10:01 - 00040760 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
    2015-09-26 01:10 - 2013-12-18 10:01 - 00029496 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
    2015-09-26 01:10 - 2013-12-18 10:01 - 00025400 _____ (TuneUp Software) C:\WINDOWS\SysWOW64\authuitu.dll
    2015-09-26 01:09 - 2015-09-26 01:45 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2014
    2015-09-26 00:57 - 2015-09-26 00:57 - 18801736 _____ C:\Users\Administrator\Downloads\RogueKiller(1).exe
    2015-09-26 00:56 - 2015-09-26 00:57 - 21700168 _____ C:\Users\Administrator\Downloads\RogueKillerX64.exe
    2015-09-25 21:23 - 2015-09-25 21:24 - 00000000 ____D C:\Users\Administrator\Downloads\12337 WS
    2015-09-25 21:06 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Go
    2015-09-25 19:32 - 2015-09-25 21:31 - 00000000 ____D C:\Users\Administrator\Downloads\12337 Adv
    2015-09-25 18:47 - 2015-09-25 18:47 - 00311432 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe
    2015-09-25 18:46 - 2015-09-25 18:46 - 00351304 _____ C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe
    2015-09-25 18:42 - 2015-09-25 18:42 - 00342184 _____ C:\Users\Administrator\Downloads\JDownloader2Setup.exe
    2015-09-25 18:35 - 2015-09-25 18:39 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part2.rar
    2015-09-25 18:30 - 2015-09-25 18:35 - 209715200 _____ C:\Users\Administrator\Downloads\12337_Adv.part1.rar
    2015-09-24 14:10 - 2015-09-24 14:10 - 00042094 _____ C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk
    2015-09-23 04:56 - 2015-09-23 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark X1100 Series
    2015-09-23 04:56 - 2015-09-23 04:56 - 00537256 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcoms.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00385704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkih.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00381608 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcfg.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00180904 _____ ( ) C:\WINDOWS\SysWOW64\lxbkppls.exe
    2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files\Lexmark X1100 Series
    2015-09-23 04:56 - 2015-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\Lexmark X1100 Series
    2015-09-23 04:56 - 2008-02-19 09:04 - 00001525 _____ C:\WINDOWS\SysWOW64\lxbk.loc
    2015-09-23 04:56 - 2006-11-30 16:02 - 00072192 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkinsr.dll
    2015-09-23 04:56 - 2006-11-30 15:47 - 00177664 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkins.dll
    2015-09-23 04:56 - 2006-11-30 15:47 - 00135168 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkinsb.dll
    2015-09-23 04:56 - 2006-11-30 13:42 - 00458752 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkjswr.dll
    2015-09-23 04:56 - 2006-11-30 13:42 - 00094208 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcur.dll
    2015-09-23 04:56 - 2006-11-30 13:42 - 00086016 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkinsr.dll
    2015-09-23 04:56 - 2006-11-30 13:35 - 00155648 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkinsb.dll
    2015-09-23 04:56 - 2006-11-30 13:35 - 00131072 _____ (Lexmark International, Inc.) C:\WINDOWS\SysWOW64\lxbkins.dll
    2015-09-23 04:56 - 2006-11-30 13:34 - 00413696 _____ C:\WINDOWS\SysWOW64\lxbkutil.dll
    2015-09-23 04:56 - 2006-11-30 13:34 - 00073728 _____ (Lexmark International Inc.) C:\WINDOWS\SysWOW64\lxbkcu.dll
    2015-09-23 04:56 - 2006-11-09 20:28 - 00073728 _____ (Lexmark International) C:\WINDOWS\SysWOW64\LXBKcfg.dll
    2015-09-23 04:56 - 2006-11-06 17:32 - 00194048 _____ C:\WINDOWS\system32\LXBKinst.dll
    2015-09-23 04:56 - 2006-11-06 17:05 - 00305152 _____ ( ) C:\WINDOWS\system32\LXBKhcp.dll
    2015-09-23 04:56 - 2006-11-06 16:37 - 00643072 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpmui.dll
    2015-09-23 04:56 - 2006-11-06 16:35 - 01224704 _____ ( ) C:\WINDOWS\SysWOW64\lxbkserv.dll
    2015-09-23 04:56 - 2006-11-06 16:28 - 00421888 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomm.dll
    2015-09-23 04:56 - 2006-11-06 16:26 - 00585728 _____ ( ) C:\WINDOWS\SysWOW64\lxbklmpm.dll
    2015-09-23 04:56 - 2006-11-06 16:25 - 00274432 _____ C:\WINDOWS\SysWOW64\LXBKinst.dll
    2015-09-23 04:56 - 2006-11-06 16:24 - 00397312 _____ ( ) C:\WINDOWS\SysWOW64\lxbkiesc.dll
    2015-09-23 04:56 - 2006-11-06 16:21 - 00094208 _____ ( ) C:\WINDOWS\SysWOW64\lxbkpplc.dll
    2015-09-23 04:56 - 2006-11-06 16:20 - 00684032 _____ ( ) C:\WINDOWS\SysWOW64\lxbkcomc.dll
    2015-09-23 04:56 - 2006-11-06 16:20 - 00163840 _____ ( ) C:\WINDOWS\SysWOW64\lxbkprox.dll
    2015-09-23 04:56 - 2006-11-06 16:12 - 00413696 _____ ( ) C:\WINDOWS\SysWOW64\lxbkinpa.dll
    2015-09-23 04:56 - 2006-11-06 16:11 - 00991232 _____ ( ) C:\WINDOWS\SysWOW64\lxbkusb1.dll
    2015-09-23 04:56 - 2006-11-06 16:07 - 00696320 _____ ( ) C:\WINDOWS\SysWOW64\lxbkhbn3.dll
    2015-09-23 04:56 - 2006-09-18 11:23 - 00983101 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lxbkgf.dll
    2015-09-23 04:07 - 2015-09-23 04:48 - 00003190 _____ C:\lxbk.log
    2015-09-23 03:57 - 2015-09-23 03:59 - 1712016608 _____ C:\Users\Administrator\Downloads\Cometrep2015.tiff
    2015-09-23 03:41 - 2015-09-23 03:41 - 38808920 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\FileFormatConverters.exe
    2015-09-22 23:54 - 2015-09-22 23:54 - 01800512 _____ (Malwarebytes) C:\Users\Administrator\Downloads\JRT(1).exe
    2015-09-22 23:54 - 2015-09-22 23:54 - 01662976 _____ C:\Users\Administrator\Downloads\adwcleaner_5.008.exe
    2015-09-19 01:16 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
    2015-09-16 22:05 - 2015-09-16 22:05 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
    2015-09-16 22:02 - 2015-09-16 22:02 - 00584288 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
    2015-09-07 04:11 - 2015-09-07 04:11 - 00929360 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup(1).exe
    2015-09-06 00:47 - 2015-09-06 00:47 - 00000000 ____D C:\WINDOWS\Minidump
    2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
    2015-09-02 21:32 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2015-09-02 21:31 - 2015-09-27 03:31 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
    2015-09-02 21:27 - 2015-09-02 21:32 - 00000000 ____D C:\ProgramData\Comodo
    2015-09-02 20:46 - 2015-09-02 20:49 - 226558984 _____ (COMODO) C:\Users\Administrator\Downloads\cispremium_installer.exe
    2015-09-02 19:21 - 2015-09-27 01:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-09-02 00:44 - 2015-09-02 00:44 - 01654272 _____ C:\Users\Administrator\Downloads\adwcleaner_5.005.exe
    2015-09-01 23:01 - 2015-09-01 23:01 - 01057320 _____ C:\Users\Administrator\Desktop\Sept 2015 Complete Config Working.cfgx
    2015-09-01 20:28 - 2015-08-05 02:32 - 00007471 _____ C:\WINDOWS\system32\Drivers\inspect.cat
    2015-09-01 20:09 - 2015-09-01 20:09 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
    2015-09-01 18:18 - 2015-09-01 18:44 - 00127955 _____ C:\zoek-results.log
    2015-09-01 17:55 - 2015-09-01 17:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
    2015-09-01 17:52 - 2015-09-26 02:09 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-09-01 17:52 - 2015-09-01 19:17 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-09-01 17:51 - 2015-09-26 02:09 - 00000000 ____D C:\Program Files\RogueKiller
    2015-09-01 17:51 - 2015-09-01 17:51 - 03824464 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe
    2015-09-01 17:50 - 2015-09-01 17:51 - 24659208 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
    2015-09-01 17:50 - 2015-09-01 17:50 - 00000000 ____D C:\zoek_backup
    2015-09-01 16:05 - 2015-09-01 16:05 - 00000000 ____D C:\Program Files (x86)\JMicron
    2015-09-01 16:04 - 2015-09-01 16:04 - 00000000 ____D C:\WINDOWS\SysWOW64\SDA
    2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\SysWOW64\jmcricon.dll
    2015-09-01 15:49 - 2015-09-01 15:49 - 00203352 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\jmcricon.dll
    2015-09-01 15:49 - 2015-09-01 15:49 - 00174168 _____ (JMicron Technology Corporation) C:\WINDOWS\system32\Drivers\jmcr.sys
    2015-09-01 15:47 - 2015-09-01 15:48 - 01061384 _____ (Lenovo Group Limited ) C:\Users\Administrator\Downloads\6jx107ww.exe
    2015-09-01 15:46 - 2015-09-01 15:46 - 00826369 _____ C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip
    2015-09-01 06:17 - 2015-09-01 06:17 - 00000000 ____D C:\WINDOWS\pss
    2015-09-01 05:31 - 2015-09-01 05:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe
    2015-09-01 05:31 - 2015-09-01 05:31 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe
    2015-09-01 05:29 - 2015-09-01 05:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe
    2015-08-31 18:26 - 2015-08-31 18:26 - 51076312 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.27.exe
    2015-08-31 17:37 - 2015-08-31 16:55 - 00000000 ___DC C:\WINDOWS\Panther
    2015-08-31 17:35 - 2015-08-31 17:35 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\MSBuild
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files\Hyper-V
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-08-31 17:32 - 2015-08-31 17:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-08-31 17:31 - 2015-08-31 17:31 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-08-31 17:31 - 2015-08-31 17:31 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-08-31 17:31 - 2015-08-31 05:58 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2015-08-31 17:31 - 2015-08-31 05:57 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-08-31 17:31 - 2015-02-08 03:38 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2015-08-31 17:31 - 2015-02-08 03:38 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-31 17:31 - 2015-02-08 03:34 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2015-08-31 17:31 - 2015-02-08 03:33 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-31 17:30 - 2015-08-31 17:30 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
    2015-08-31 16:56 - 2015-08-31 16:56 - 00001453 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-08-31 16:55 - 2015-08-31 16:55 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
    2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
    2015-08-31 16:53 - 2015-08-31 16:53 - 00000000 ____D C:\Program Files\AuthenTec
    2015-08-31 08:35 - 2015-09-27 00:52 - 01130480 _____ C:\WINDOWS\WindowsUpdate.log
    2015-08-31 08:34 - 2015-08-31 08:34 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2015-08-31 08:08 - 2015-08-31 08:08 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2015-08-31 08:08 - 2015-08-31 08:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2015-08-31 07:53 - 2015-08-31 08:10 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagwrn.xml
    2015-08-31 07:50 - 2015-08-31 08:34 - 00036198 _____ C:\WINDOWS\diagerr.xml
    2015-08-31 07:50 - 2015-08-31 08:30 - 00000000 ____D C:\Users\dale
    2015-08-31 07:50 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-31 07:50 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-08-31 07:50 - 2014-11-21 09:48 - 00000369 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-08-31 07:50 - 2013-08-22 17:36 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-08-31 07:49 - 2015-09-26 14:59 - 00000000 ____D C:\Users\Administrator
    2015-08-31 07:49 - 2015-01-16 22:48 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-31 07:49 - 2014-11-21 17:14 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-08-31 07:49 - 2014-11-21 09:48 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-08-31 07:49 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-08-31 07:40 - 2015-09-19 01:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
    2015-08-31 07:40 - 2015-08-31 07:40 - 00000000 ____D C:\Program Files\Realtek
    2015-08-31 06:12 - 2015-08-31 08:34 - 00006604 _____ C:\WINDOWS\comsetup.log
    2015-08-30 09:57 - 2015-08-30 09:58 - 00087701 _____ C:\Users\Administrator\Downloads\Addition.txt
    2015-08-30 09:54 - 2015-09-27 03:31 - 00040027 _____ C:\Users\Administrator\Downloads\FRST.txt
    2015-08-29 23:46 - 2015-08-29 23:46 - 00407813 _____ C:\Users\Administrator\Downloads\B00TFORUM8.htm
    2015-08-29 23:17 - 2015-09-27 03:31 - 00000000 ____D C:\FRST

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 03:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-09-27 02:43 - 2015-02-08 16:09 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-27 02:17 - 2015-02-08 16:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
    2015-09-27 01:59 - 2015-02-08 14:08 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2273160904-4274275969-784373220-500
    2015-09-27 01:40 - 2015-07-28 08:49 - 00000000 ____D C:\Users\Administrator\Desktop\Cayman 2015
    2015-09-27 00:42 - 2013-08-22 16:46 - 00461985 _____ C:\WINDOWS\setupact.log
    2015-09-26 20:45 - 2015-02-18 17:53 - 00022196 _____ C:\WINDOWS\error.log
    2015-09-26 20:45 - 2015-02-08 16:09 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-26 20:45 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-26 20:45 - 2013-08-22 16:44 - 00538864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-09-26 20:44 - 2015-02-18 17:53 - 00006413 _____ C:\WINDOWS\errord.log
    2015-09-26 20:44 - 2015-02-08 14:12 - 00000012 _____ C:\WINDOWS\CUAppUsage.Dat
    2015-09-26 20:44 - 2014-11-21 09:29 - 00046038 _____ C:\WINDOWS\PFRO.log
    2015-09-26 20:43 - 2015-02-08 17:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2015-09-26 20:35 - 2015-07-04 00:08 - 00233984 ___SH C:\Users\Administrator\Desktop\Thumbs.db
    2015-09-26 20:24 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OFFICE SOFTWARE
    2015-09-26 20:23 - 2015-02-08 16:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2015-09-26 20:17 - 2012-09-23 20:43 - 00055432 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
    2015-09-26 20:17 - 2012-09-23 20:43 - 00026768 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
    2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\ProgramData\Adobe
    2015-09-26 20:14 - 2015-02-08 16:20 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-09-26 18:56 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2015-09-26 15:08 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
    2015-09-26 14:59 - 2015-07-06 13:39 - 00000000 ____D C:\AdwCleaner
    2015-09-26 13:28 - 2014-03-25 22:36 - 00000000 ___HD C:\VTRoot
    2015-09-26 12:26 - 2015-06-28 03:59 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-09-26 04:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Web
    2015-09-26 01:35 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-09-26 01:21 - 2015-02-08 16:45 - 00000000 ____D C:\ProgramData\TuneUp Software
    2015-09-26 00:55 - 2015-02-26 16:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mp3tag
    2015-09-26 00:28 - 2014-11-21 09:38 - 01176620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-09-25 21:41 - 2015-02-08 22:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\JDownloader 2.0
    2015-09-25 21:11 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOWNLOADING GENERAL
    2015-09-25 14:49 - 2015-02-08 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
    2015-09-23 05:11 - 2015-07-08 13:30 - 00513536 ___SH C:\Users\Administrator\Downloads\Thumbs.db
    2015-09-23 05:08 - 2015-02-09 02:01 - 00000232 _____ C:\WINDOWS\Lexstat.ini
    2015-09-23 04:57 - 2015-02-09 01:59 - 00003863 _____ C:\WINDOWS\system32\LexFiles.ulf
    2015-09-23 04:56 - 2015-02-09 02:01 - 00233128 _____ ( ) C:\WINDOWS\system32\lxbkih.exe
    2015-09-23 04:56 - 2007-02-28 13:59 - 00358400 _____ (Lexmark International, Inc.) C:\WINDOWS\system32\lxbkdrs.dll
    2015-09-23 04:56 - 2005-09-13 16:27 - 00054784 _____ C:\WINDOWS\system32\lxbkcnv4.dll
    2015-09-23 04:55 - 2015-02-09 02:01 - 00565928 _____ ( ) C:\WINDOWS\system32\lxbkcoms.exe
    2015-09-23 04:55 - 2015-02-09 02:01 - 00235688 _____ ( ) C:\WINDOWS\system32\lxbkcfg.exe
    2015-09-23 04:54 - 2015-02-09 02:01 - 01417728 _____ ( ) C:\WINDOWS\system32\lxbkserv.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 01099264 _____ ( ) C:\WINDOWS\system32\lxbkusb1.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00695808 _____ ( ) C:\WINDOWS\system32\lxbkcomc.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00659456 _____ ( ) C:\WINDOWS\system32\lxbkhbn3.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00567808 _____ C:\WINDOWS\system32\lxbkutil.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00487424 _____ ( ) C:\WINDOWS\system32\lxbklmpm.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00443392 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkjswr.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00417792 _____ C:\WINDOWS\system32\lxbkcoin.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00409600 _____ ( ) C:\WINDOWS\system32\lxbkpmui.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00249856 _____ ( ) C:\WINDOWS\system32\lxbkcomm.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00238592 _____ ( ) C:\WINDOWS\system32\lxbkinpa.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00226816 _____ ( ) C:\WINDOWS\system32\lxbkiesc.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00109056 _____ () C:\WINDOWS\system32\lxbkvs.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00079360 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcu.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00077824 _____ (Lexmark International Inc.) C:\WINDOWS\system32\lxbkcur.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00062464 _____ (Lexmark International) C:\WINDOWS\system32\lxbkcfg.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00035328 _____ ( ) C:\WINDOWS\system32\lxbkprox.dll
    2015-09-23 04:54 - 2015-02-09 02:01 - 00010752 _____ ( ) C:\WINDOWS\system32\lxbkpplc.dll
    2015-09-23 04:02 - 2014-11-21 10:12 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiafbdrv.dll
    2015-09-23 04:02 - 2014-11-21 10:12 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
    2015-09-23 04:00 - 2015-02-08 23:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Audacity
    2015-09-23 03:47 - 2015-04-01 13:09 - 00000000 ____D C:\Users\Administrator\Documents\My PSP Files
    2015-09-23 03:09 - 2015-02-08 16:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
    2015-09-23 03:03 - 2015-05-05 20:29 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
    2015-09-23 03:03 - 2015-05-05 20:29 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
    2015-09-23 02:13 - 2013-08-22 16:46 - 00001571 _____ C:\WINDOWS\setuperr.log
    2015-09-22 23:19 - 2015-04-17 21:38 - 00000000 ____D C:\Users\Administrator\dwhelper
    2015-09-22 23:03 - 2015-02-11 04:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
    2015-09-17 00:20 - 2015-02-08 16:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2015-09-16 22:28 - 2015-04-24 13:05 - 00000000 ____D C:\ProgramData\Oracle
    2015-09-16 22:07 - 2015-04-24 13:04 - 00000000 ____D C:\Program Files (x86)\Java
    2015-09-16 22:06 - 2015-04-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-09-16 22:04 - 2015-04-24 13:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-09-16 09:38 - 2015-02-08 16:09 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-09-16 09:38 - 2015-02-08 16:09 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-09-15 07:06 - 2015-02-08 15:31 - 00003112 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500
    2015-09-15 07:06 - 2015-02-08 15:31 - 00000000 ___RD C:\Users\Administrator\OneDrive
    2015-09-09 20:48 - 2015-04-11 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-09-07 17:48 - 2015-02-08 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-09-06 00:47 - 2015-07-11 23:52 - 00095744 ____N C:\WINDOWS\Minidump\090615-25765-01.dmp
    2015-09-03 13:52 - 2015-08-05 01:29 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
    2015-09-03 13:52 - 2015-08-05 01:29 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
    2015-09-02 21:31 - 2015-02-08 13:25 - 00000000 ____D C:\Program Files\COMODO
    2015-09-01 21:36 - 2011-05-18 08:08 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
    2015-09-01 21:35 - 2015-05-21 00:10 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97itp.dll
    2015-09-01 21:34 - 2015-05-21 00:07 - 02317104 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin97ip.dll
    2015-09-01 06:45 - 2015-02-08 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-09-01 06:24 - 2015-02-09 19:04 - 00164034 _____ C:\WINDOWS\DPINST.LOG
    2015-09-01 05:34 - 2015-06-28 03:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-09-01 05:33 - 2015-06-28 03:59 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-09-01 05:33 - 2015-06-28 03:59 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-09-01 05:33 - 2015-06-28 03:59 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-08-31 18:27 - 2015-02-08 05:13 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-31 17:36 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-08-31 17:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
    2015-08-31 17:32 - 2013-08-22 12:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
    2015-08-31 17:32 - 2013-08-22 10:25 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
    2015-08-31 17:32 - 2013-08-22 09:35 - 00144967 _____ C:\WINDOWS\system32\virtmgmt.msc
    2015-08-31 17:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-08-31 16:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-08-31 16:42 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2015-08-31 09:38 - 2015-07-17 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-08-31 08:38 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-08-31 08:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
    2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
    2015-08-31 08:32 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
    2015-08-31 08:11 - 2015-06-25 00:40 - 00000000 ____D C:\WINDOWS\system32\RightClickFiles
    2015-08-31 08:11 - 2014-11-21 09:18 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-08-31 08:10 - 2015-07-31 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSR BlueSuite 2.5.0
    2015-08-31 08:10 - 2015-07-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-08-31 08:10 - 2015-07-10 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-08-31 08:10 - 2015-07-09 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
    2015-08-31 08:10 - 2015-07-06 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-08-31 08:10 - 2015-07-06 01:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
    2015-08-31 08:10 - 2015-07-06 01:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Droid Explorer
    2015-08-31 08:10 - 2015-07-04 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-08-31 08:10 - 2015-07-04 15:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
    2015-08-31 08:10 - 2015-06-28 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hit'n'Mix
    2015-08-31 08:10 - 2015-05-27 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkAdapted
    2015-08-31 08:10 - 2015-05-19 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
    2015-08-31 08:10 - 2015-04-30 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
    2015-08-31 08:10 - 2015-04-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
    2015-08-31 08:10 - 2015-04-06 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012
    2015-08-31 08:10 - 2015-04-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
    2015-08-31 08:10 - 2015-03-31 12:31 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
    2015-08-31 08:10 - 2015-03-14 19:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
    2015-08-31 08:10 - 2015-03-01 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chainer
    2015-08-31 08:10 - 2015-02-26 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Advanced Server 7.5
    2015-08-31 08:10 - 2015-02-24 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ File Recovery Professional
    2015-08-31 08:10 - 2015-02-08 22:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BROWSING
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYSTEM INTERNALS
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PERFORMANCE & OVERCLOCKING
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OTHER
    2015-08-31 08:10 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AUDIO
    2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO
    2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC DOWNLOADING
    2015-08-31 08:10 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANDROID
    2015-08-31 08:08 - 2013-08-22 17:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log
    2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
    2015-08-31 08:08 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
    2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2015-08-31 08:07 - 2014-11-21 08:54 - 00000000 ____D C:\WINDOWS\system32\WCN
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-08-31 08:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
    2015-08-31 08:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2015-08-31 08:06 - 2015-02-13 05:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2015-08-31 08:05 - 2015-07-25 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Unlimited
    2015-08-31 08:05 - 2015-07-25 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2015-08-31 08:05 - 2015-07-01 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction
    2015-08-31 08:05 - 2015-06-24 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILE
    2015-08-31 08:05 - 2015-06-20 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
    2015-08-31 08:05 - 2015-05-18 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    2015-08-31 08:05 - 2015-03-21 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHint
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WINDOWS CUSTOMISATION
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTUALISATION
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIDEO DOWNLOADING
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SYNCHRONISATION
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSIC SOFTWARE
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE MANAGEMENT
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEVICE DRIVERS AND SUITES
    2015-08-31 08:05 - 2015-02-08 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLOUD
    2015-08-31 08:05 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\InputMethod
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
    2015-08-31 08:05 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell
    2015-08-31 08:04 - 2015-02-09 01:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
    2015-08-31 08:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-08-31 07:53 - 2015-02-08 05:15 - 00000000 ____D C:\Users\dale\AppData\Local\Packages
    2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2015-08-31 07:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
    2015-08-31 07:52 - 2015-06-29 18:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio
    2015-08-31 07:52 - 2015-06-27 01:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Front
    2015-08-31 07:52 - 2015-02-09 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STREAMING
    2015-08-31 07:52 - 2015-02-09 00:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINGUISTICS
    2015-08-31 07:52 - 2015-02-09 00:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETWORKING AND TOOLS
    2015-08-31 07:52 - 2015-02-08 22:41 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOCUMENT CONVERSION
    2015-08-31 07:52 - 2015-02-08 22:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WINDOWS INTERACTION
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB BROWSING
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDIA PLAYERS
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUSIC MANAGEMENT
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INSTALLATION MANAGEMENT
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD TOOLS
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GRAPHIC DESIGN
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CODING
    2015-08-31 07:52 - 2015-02-08 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BACKUP
    2015-08-31 07:52 - 2015-02-08 13:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2015-08-31 07:43 - 2014-03-18 08:25 - 00000000 __SHD C:\Recovery
    2015-08-31 07:43 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-08-31 06:27 - 2015-02-08 05:14 - 01709067 _____ C:\WINDOWS\WindowsUpdate (1).log
    2015-08-31 06:22 - 2014-03-18 09:21 - 00008192 __RSH C:\BOOTSECT.BAK
    2015-08-31 02:01 - 2015-07-31 11:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
    2015-08-31 02:01 - 2015-07-31 11:50 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
    2015-08-31 01:12 - 2015-02-08 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-08-31 00:58 - 2015-04-01 13:11 - 00000000 ____D C:\ProgramData\InstallShield
    2015-08-31 00:57 - 2015-08-05 22:33 - 00000000 ____D C:\Program Files\Common Files\EPSON
    2015-08-31 00:57 - 2015-08-05 22:27 - 00000000 ____D C:\ProgramData\EPSON
    2015-08-31 00:56 - 2014-03-18 03:24 - 00000000 __RHD C:\MSOCache
    2015-08-30 09:55 - 2015-07-08 21:32 - 00014046 _____ C:\Users\Administrator\Desktop\hijackthis.log
    2015-08-29 22:09 - 2015-08-14 17:55 - 00000000 ____D C:\Program Files (x86)\EPSON
    2015-08-29 22:03 - 2015-08-14 17:51 - 00000000 ____D C:\Program Files (x86)\EPSON Software
     
  18. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    ==================== Files in the root of some directories =======

    2015-02-13 17:09 - 2015-02-13 17:19 - 1289216 _____ () C:\Program Files (x86)\JumplistLauncher.exe
    2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
    2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
    2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
    2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
    2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
    2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
    2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
    2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
    2015-08-31 07:40 - 2015-08-31 07:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag

    Some files in TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\130876732864096387.exe
    C:\Users\Administrator\AppData\Local\Temp\13087673321430603253.exe
    C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Administrator\AppData\Local\Temp\proxy_vole1413000634955814965.dll
    C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll
    C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
    C:\Users\Administrator\AppData\Local\Temp\sfareca00002.dll
    C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {41a39ea7-4ff5-11e5-8d05-f813eabacc72}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {15ee57ce-af41-11e4-824e-20cf305cadbe}
    device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{15ee57cf-af41-11e4-824e-20cf305cadbe}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{15ee57cf-af41-11e4-824e-20cf305cadbe}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {26143d25-4ff6-11e5-8d05-f813eabacc72}
    device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{26143d26-4ff6-11e5-8d05-f813eabacc72}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    displaymessageoverride Recovery
    osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{26143d26-4ff6-11e5-8d05-f813eabacc72}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \WINDOWS\system32\winload.exe
    description Windows 8.1
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {26143d25-4ff6-11e5-8d05-f813eabacc72}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \WINDOWS
    resumeobject {41a39ea7-4ff5-11e5-8d05-f813eabacc72}
    nx OptIn
    bootmenupolicy Standard

    Windows Boot Loader
    -------------------
    identifier {e7718843-c44c-11e3-9b88-865291c53616}
    device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{e7718844-c44c-11e3-9b88-865291c53616}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{e7718844-c44c-11e3-9b88-865291c53616}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {eb70c2b8-ae6d-11e3-bae8-ddc4a07b574f}
    device unknown
    path \Windows\system32\winload.exe
    description Windows 8.1
    locale en-US
    inherit {bootloadersettings}
    integrityservices Enable
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    osdevice unknown
    systemroot \Windows
    resumeobject {eb70c2b7-ae6d-11e3-bae8-ddc4a07b574f}
    nx OptIn
    bootmenupolicy Standard

    Resume from Hibernate
    ---------------------
    identifier {381a9354-c445-11e3-8271-806e6f6e6963}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows 8.1 Pro
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {15ee57ce-af41-11e4-824e-20cf305cadbe}
    recoveryenabled Yes
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {41a39ea7-4ff5-11e5-8d05-f813eabacc72}
    device partition=C:
    path \WINDOWS\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {26143d25-4ff6-11e5-8d05-f813eabacc72}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {eb70c2b7-ae6d-11e3-bae8-ddc4a07b574f}
    device unknown
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    filedevice unknown
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems No

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
            {emssettings}
            {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
            {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {15ee57cf-af41-11e4-824e-20cf305cadbe}
    description Windows Recovery
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier {26143d26-4ff6-11e5-8d05-f813eabacc72}
    description Windows Recovery
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier {84f6ebe6-4f98-11e5-82e4-00030dad0bd1}
    description Windows Setup
    ramdisksdidevice partition=C:
    ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

    Device options
    --------------
    identifier {e7718844-c44c-11e3-9b88-865291c53616}
    description Windows Recovery
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi



    LastRegBack: 2015-09-20 17:00

    ==================== End of FRST.txt ============================
     
  19. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by Administrator (2015-09-27 03:46:13)
    Running from C:\Users\Administrator\Downloads
    Windows 8.1 Pro (X64) (2015-08-31 14:55:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2273160904-4274275969-784373220-500 - Administrator - Enabled) => C:\Users\Administrator
    dale (S-1-5-21-2273160904-4274275969-784373220-1001 - Administrator - Enabled) => C:\Users\dale
    Guest (S-1-5-21-2273160904-4274275969-784373220-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2273160904-4274275969-784373220-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
    AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.439 - ABBYY Production LLC)
    Ableton Live 9 Suite (HKLM\...\{D4EA4767-BB54-4094-A9F9-F058C2D47DA3}) (Version: 9.0.0.0 - Ableton)
    Active@ File Recovery Professional 14 (HKLM\...\{C34F36E0-4D8B-42E8-90AD-50C76E1AE282}_is1) (Version: 14 - LSoft Technologies Inc)
    ActivePerl 5.16.1 Build 1601 (64-bit) (HKLM\...\{653D48F0-098C-45C1-8267-86EA7B9D0EDB}) (Version: 5.16.1601 - ActiveState)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Allmyapps (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Allmyapps) (Version: 2.0.0.30 - Allmyapps)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Andy OS (HKLM-x32\...\Andy OS) (Version: 0.43 - Andy OS, Inc)
    Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ARIA Engine v1.6.2.0 (HKLM\...\ARIA Engine_is1) (Version: v1.6.2.0 - Plogue Art et Technologie, Inc)
    Ashampoo MP3 Cover Finder v.1.0.12 (HKLM-x32\...\{5A842CF6-7E61-52D7-C64C-2F20E9D408F1}_is1) (Version: 1.0.12 - Ashampoo GmbH & Co. KG)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    AutoHotkey 1.1.19.02 (HKLM\...\AutoHotkey) (Version: 1.1.19.02 - Lexikos)
    Avast Browser Cleanup (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
    BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
    BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
    bl (x32 Version: 1.0.0 - Your Company Name) Hidden
    Bluetooth Command Line Tools 1.2 (HKLM-x32\...\{2557A2FA-2A9A-4829-AD02-8DD95C7E4B8B}_is1) (Version: 1.2.0.56 - bluetoothinstaller.com)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Chainer v1.0 (HKLM-x32\...\Chainer 1.0) (Version: - )
    Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
    Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 1.0 - Outertech)
    COMODO Internet Security Premium (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.)
    COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
    Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CSR BlueSuite 2.5.0 (HKLM-x32\...\CSR BlueSuite 2.5.0_is1) (Version: - Cambridge Silicon Radio Ltd.)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
    DarkAdapted 3.0 (HKLM-x32\...\{FDA06822-011E-4A1E-9B2E-BF25D5C453F8}_is1) (Version: - AquilaDigital Partnership)
    DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.6.0 - oldsch00l)
    Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)
    DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.4 - DiskInternals Research)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
    Droid Explorer 0.9.0.2 (x64) (HKLM\...\{CEC12343-D6C5-4C69-9A3D-295A2459B37D}) (Version: 0.9.0.2 - Ryan Conrad)
    EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version: - EaseUS)
    EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Todo Backup Advanced Server 7.5 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 7.5 - CHENGDU YIWO Tech Development Co., Ltd)
    EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
    EKS Driver Pack 16.12.2010 (HKLM\...\EKS Driver Pack 16.12.2010) (Version: 16.12.2010 - EKS)
    EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version: - SEIKO EPSON Corporation)
    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
    EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
    EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
    EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.0.1 - Toontrack)
    EZkeys Grand Piano 64 (HKLM\...\{23CA8D91-FD3B-4EE6-BBDF-B5924E7E44EB}) (Version: 1.0.2 - Toontrack)
    EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
    Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.4 - MakeMusic)
    FreeFileSync 6.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 6.13 - www.FreeFileSync.org)
    Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
    Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.0 - Garritan)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
    Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
    Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
    HDD Raw Copy Tool v1.02 (HKLM-x32\...\HDD Raw Copy Tool_is1) (Version: - HDDGURU)
    HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
    Hit'n'Mix Play (HKLM-x32\...\Hit'n'Mix Play) (Version: 1.5.8 - Hit'n'Mix Ltd)
    HWiNFO32 Version 4.50 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.50 - Martin Malík - REALiX)
    HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
    Image for Windows 2.86 Trial (HKLM-x32\...\Image for Windows (V2)_is1) (Version: - TeraByte Unlimited)
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
    Jumplist Extender (HKLM-x32\...\{2D5349D5-167D-4D27-BD8C-9117A6C63FED}_is1) (Version: 0.4 - Marco Zafra)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
    Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    M-Audio ProKeysSono Driver 6.0.2 (x64) (HKLM\...\{5008FD09-0F0B-4B0B-93FF-A7302137F62E}) (Version: 6.0.2 - M-Audio)
    Max 6.1.10 (x64) (HKLM\...\{C8F67FDD-EE0B-4F60-9FAD-1B49C4E2EB63}) (Version: 136.1.10 - Cycling '74)
    MediaHint (HKLM-x32\...\{35487E7F-80C5-42AB-B6F4-13E603645E44}) (Version: 1.80.0000 - MediaHint)
    MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
    MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
    Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
    MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
    Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
    Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MIDI Yoke (HKLM-x32\...\{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}) (Version: 1.75.53 - JOConnell)
    MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: - Native Instruments)
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
    Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.)
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
    OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Oxford Spanish Dictionary (HKLM-x32\...\Oxford Spanish Dictionary) (Version: - )
    PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.)
    PACE License Support Win64 (Version: 2.4.7.0852 - PACE Anti-Piracy, Inc.) Hidden
    ph (x32 Version: 1.0.0 - Your Company Name) Hidden
    Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version: - )
    Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
    QtWeb Internet Browser 3.8.5 (HKLM-x32\...\{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1) (Version: - QtWeb.NET)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Quod Libet - audio library tagger, manager, and player (HKLM-x32\...\Quod Libet) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
    ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
    Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
    R-Studio 7.5 (HKLM-x32\...\R-Studio 7.5NSIS) (Version: 7.5.156292 - R-Tools Technology Inc.)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Seagate DiscWizard (HKLM-x32\...\{80AB2C3C-87B7-47C7-928C-ED5374631C97}) (Version: 16.0.5840 - Seagate)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Similarity 64-bit 1.9.2 (HKLM\...\{02F06E82-CCC3-4F71-ADC6-A65338E4A9DF}) (Version: 1.9.1941 - GAR Software)
    Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    Snagit 12 (HKLM-x32\...\{d02e7440-ca9b-4c28-b0bf-f226a6c79efd}) (Version: 12.3.1.2879 - TechSmith Corporation)
    Snagit 12 (x32 Version: 12.3.1 - TechSmith Corporation) Hidden
    SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
    Spectrasonics Trilian Library version 1.0 (HKLM-x32\...\Spectrasonics Trilian Library_is1) (Version: - Copyright (C) 2009-2011 Spectrasonics)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
    Spotydl 0.9.37.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.37.0 - spotydl.com)
    SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
    Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.4.0 - Toontrack)
    Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
    Tag&Rename 3.8.6 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8.6 - Softpointer Inc)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
    TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    TotalDocConverter (HKLM-x32\...\Total Doc Converter_is1) (Version: - Softplicity, Inc.)
    Tunatic (HKLM-x32\...\Tunatic) (Version: - )
    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
    TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
    TunnelBear (HKLM-x32\...\{a8a8801e-37a4-4866-a5dc-2d8b0943b84c}) (Version: 2.3.13.0 - TunnelBear)
    TunnelBear (x32 Version: 2.3.13.0 - TunnelBear) Hidden
    Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version: - File Recovery Ltd.)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Video Download Capture V4.8.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.0 - Apowersoft)
    Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
    Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
    Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
    Windows Driver Package - Cambridge Silicon Radio Ltd. (USBSPI) USB (01/21/2011 2.4.0.0) (HKLM\...\516F2BEA6007D982DCE90BA1592C17F0FFD75DBA) (Version: 01/21/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    Xentone version 1.3.61 (HKLM-x32\...\{06AF433A-92A9-4DFB-A7F3-2F413BB35A8B}}_is1) (Version: 1.3.61 - H-Pi Instruments)
    YouTubeByClick (HKLM-x32\...\{C05E2D5A-938F-41AD-98C5-A6BCBC69CE2F}) (Version: 2.2.10 - YouTubeByClick.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2273160904-4274275969-784373220-500_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Administrator\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)

    ==================== Restore Points =========================

    02-09-2015 21:04:27 Removing COMODO Internet Security Premium
    12-09-2015 00:46:54 Scheduled Checkpoint
    20-09-2015 20:35:42 Scheduled Checkpoint
    22-09-2015 23:56:41 JRT Pre-Junkware Removal
    25-09-2015 23:47:08 Revo Uninstaller's restore point - TuneUp Utilities 2014

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2015-09-26 19:58 - 00001078 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0434ED0A-02E4-4377-BBBB-41A6936BAFBA} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Administrator\AppData\Roaming\Allmyapps\Allmyapps.exe
    Task: {19D06676-597C-4187-91A5-40B5DD2BD986} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
    Task: {2169A334-3A15-4A69-BDA0-CBBB36AA7CA2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2273160904-4274275969-784373220-500 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {3639B1A0-A9CF-408A-ADA1-8E55FE787F1C} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
    Task: {46109DC7-8000-415A-A213-4BF66F55F88D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
    Task: {4DCF11D7-AD36-4436-9AB8-7F8208E69E71} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2015-02-08] (H.D.S. Hungary)
    Task: {5D1B51F4-0905-4261-BBD2-E4E4AF6FA618} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {63989CE4-1A8E-4947-A2FD-438D717D2556} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-03-31] (TechSmith Corporation)
    Task: {67ED5FDD-C06F-4446-9409-04952F093942} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)
    Task: {6B8FA50D-9D3A-4D0D-B316-8123EA8777D3} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
    Task: {6E00464F-41BC-4880-A8DD-FCDEB99C1022} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2015-02-08] (Microsoft Corporation)
    Task: {7253FF57-368F-4C82-B27A-338505140F6C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
    Task: {79B34201-A62A-47B6-A258-5FF0A398990A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {9E3FCFDE-8796-498D-BA77-05CF3A0C710C} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
    Task: {A0459977-33F3-4E0E-8396-DCD96DC1B94E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-02-08] (Microsoft Corporation)
    Task: {BD797F8E-1326-41E3-811A-3310E17F39AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-26] (Microsoft Corporation)
    Task: {C8E55F47-5233-4078-A0FB-0CE2C145C26C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
    Task: {CA01DE4C-DE0B-4178-9A20-9389B1F61957} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 12\snagit32.exe [2015-03-31] (TechSmith Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-10-01 22:36 - 2012-10-01 22:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2011-09-05 17:11 - 2011-09-05 17:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
    2005-09-13 18:27 - 2015-02-09 02:00 - 00054784 _____ () C:\WINDOWS\system32\lxbkcnv5.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00240680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2015-02-08 16:28 - 2015-02-08 16:28 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
    2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2015-02-26 18:24 - 2015-02-26 18:24 - 00098824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00031240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00017416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00088584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 01296392 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00060936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00107528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00075784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00030216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00068104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00158216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00275976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00072200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00139784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00037384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00297512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00743976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00472616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00193032 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00255496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00145928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00076808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00207880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00024584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00020488 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00032264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00034824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00064008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00022536 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00115720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00194056 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00037896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00135688 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00019976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00043016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00096776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00353800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00027144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00137224 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00146952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00050184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00061960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00089608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00056328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2015-02-26 18:24 - 2015-02-26 18:24 - 00223752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\SysWOW64\BootMan.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dgderapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\drvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\epmntdrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\EuEpmGdi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\EuGdiDrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\jmcricon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkcfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkcoms.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkih.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkppls.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MASetupCleaner.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFC71ESP.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\muzapp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Olepau32.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pncrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Redemption.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setupempdrv03.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\swscale-lav-2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TAKDSDecoder.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TsWpfWrp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\bcbtums.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthav.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\btwampfl.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\csrusbfilter.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eksmidi.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eubakup.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\EUBKMON.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eudskacs.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\EuFdDisk.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\jmcr.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\MAudioProKeysSono.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\MAudioProKeysSono_DFU.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\phylock.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rsdrvx64.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rspLLL64.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Rt630x64.sys:$CmdTcID
     
  20. Califauna

    Califauna TS Rookie Topic Starter Posts: 20


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2273160904-4274275969-784373220-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    mpsdrv Firewall Service is not running.
    MpsSvc Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: NvNetworkService => 3
    MSCONFIG\Services: NvStreamSvc => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Stereo Service => 3
    MSCONFIG\Services: TeamViewer => 3
    MSCONFIG\Services: TuneUp.UtilitiesSvc => 3
    HKLM\...\StartupApproved\StartupFolder: => "Snagit 12.lnk"
    HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKLM\...\StartupApproved\Run: => "lxbkbmgr.exe"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "M-Audio Taskbar Icon"
    HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
    HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
    HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
    HKLM\...\StartupApproved\Run: => "vksts"
    HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
    HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
    HKLM\...\StartupApproved\Run: => "TrayApplication"
    HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
    HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
    HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => ""
    HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
    HKLM\...\StartupApproved\Run32: => "DivXUpdate"
    HKLM\...\StartupApproved\Run32: => "Andy"
    HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "speedfan.exe - Shortcut.lnk"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\StartupFolder: => "Core Temp.lnk"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Allmyapps Update"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesPreload"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "KiesAirMessage"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "JumplistWatcher"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "TunnelBear"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Gamma Panel executable"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Embtion"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => ""
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "Sony PC Companion"
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{0E3DBB5D-9AA8-4CD1-BF00-A5BCE1C1FE55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{033BF356-B984-4958-B584-91A1372E18B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{5141F975-0650-4626-A23C-7522CE51BDFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0C752913-45A1-4039-817C-6060C2C89110}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{3860C4B0-E795-4F41-ACC2-E3FB090BA3FD}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
    FirewallRules: [{1EF2B9E8-7AC1-4BCA-A986-B69047FC9B89}] => (Allow) F:\B\Ma\PROGRAM DATA AND PROJECTS ETC\uTorrent Software\uTorrentSoftware.exe
    FirewallRules: [{CB635AB7-168B-418D-B5B7-995972C7EFDF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{7DD3B35C-6EFF-4A5D-8832-980DA8E1411A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{B47FB92A-9D42-4C41-A953-3DDB8071316A}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{CCDF3E5D-873C-4A95-8E16-E4F8915FB36C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    FirewallRules: [{10947210-F4B5-4040-826D-D6317AF7CB46}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{B9DAF5DF-E6FE-4999-A521-094A1F6AAA4B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{1DDDFB35-984E-4D04-BB81-A3F834FC965D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{2F4ACAA2-9C79-4F78-8591-9A42FEB5E507}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{AD96584F-67AC-4F82-9BBE-AD5C0E6E61A6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{B5F4C02A-497F-4710-AC65-0EB1DE15435C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{1EC951D6-9F1D-43F4-BEC8-AB637508BE46}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{005841C4-B1CA-4065-879C-BD848B8714D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{39037797-C465-4832-9037-EDDF4C9DC3D4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{E0214837-48B4-41EB-8C0B-DE2D2B0A3832}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{A106BA46-F08D-436B-87AB-45E6F5BDEE95}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{C1A96054-23C3-4B1A-A9BF-7520F4BB7F9A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{2AE87BD6-B282-44D1-AC90-ED6FB717BC16}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{2FD3DE22-6802-460E-8435-333FF067CE04}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{071EBA47-B5B0-464C-9000-603129FD4ED9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{2D92E39D-E942-4BB6-A452-053239D5FAB8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{B1677CDD-F448-4280-B537-A630A4C7B902}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{6B121315-D6E3-4BF0-B7E6-E89FE9E7FD06}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{2B4572F5-7D98-4AC1-8E08-F189EF61B055}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{4AD873A6-E094-4FB6-924D-EAB11B3FD0A4}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{DD657591-C16D-46FB-B66B-515E384E577E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{92AC6E3A-022D-462E-A4CD-CEE2D29497E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3AAB0A6E-8633-40BE-9CE3-BFEABF561371}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{BB857866-C605-4D99-B8A7-D429BF3FFE9D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{AFEFDFB0-96A7-4F22-B04E-1F5B32D2ECEA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2783EB04-052E-4EE9-A29A-E7483E67E5A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{873C1E69-0161-46DD-8EE5-CC77D7C020FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{ACE7B793-4044-4754-A9AC-1BF4FD0BCC22}] => (Allow) C:\Users\Administrator\Desktop\uTorrentPortable\App\uTorrent\uTorrent.exe
    FirewallRules: [{EF4EB667-3047-4D01-85B9-984B43672C92}] => (Allow) C:\Users\Administrator\Desktop\uTorrentPortable\App\uTorrent\uTorrent.exe
    FirewallRules: [{0CC2EE16-BE00-4104-B8DB-9B2FFFB3E6E1}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
    FirewallRules: [{6699580B-F3CB-4598-B23A-9EF2766A917A}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
    FirewallRules: [{61ECE606-99BB-424F-951A-0A11B4FA9E06}] => (Allow) C:\Windows\System32\lxbkcoms.exe
    FirewallRules: [{9FD5EC8A-58C5-4495-8E79-2FCB6E3A92F1}] => (Allow) C:\Windows\System32\lxbkcoms.exe
    FirewallRules: [{40B93C68-5496-48CE-B8B4-698E85EE6317}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe
    FirewallRules: [{7D02A16B-51A1-4DBF-99E8-657051AE8B86}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/27/2015 12:42:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (09/26/2015 08:47:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (09/26/2015 08:46:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (09/26/2015 08:42:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17415, time stamp: 0x54503a3a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000037b0fd8
    Faulting process id: 0x548
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (09/26/2015 08:29:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (09/26/2015 08:26:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.3.9600.17415, time stamp: 0x54503a3a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000062e0fd8
    Faulting process id: 0x1f0
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    Faulting module path: explorer.exe2
    Report Id: explorer.exe3
    Faulting package full name: explorer.exe4
    Faulting package-relative application ID: explorer.exe5

    Error: (09/26/2015 08:16:38 PM) (Source: MsiInstaller) (EventID: 11310) (User: Dales-PC)
    Description: Product: Adobe Acrobat XI Pro -- Error 1310.Error writing to file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe. System error 0. Verify that you have access to that directory.

    Error: (09/26/2015 08:08:50 PM) (Source: Windows Installer 3.1) (EventID: 4373) (User: )
    Description: WindowsNot enough storage is available to process this command.

    Error: (09/26/2015 07:52:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (09/26/2015 07:52:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


    System errors:
    =============
    Error: (09/27/2015 12:05:06 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (09/26/2015 08:46:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (09/26/2015 08:45:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (09/26/2015 07:51:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (09/26/2015 07:50:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (09/26/2015 05:56:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with the following service-specific error:
    %%2147944153

    Error: (09/26/2015 05:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The UAC File Virtualization service failed to start due to the following error:
    %%1275

    Error: (09/26/2015 04:49:47 PM) (Source: DCOM) (EventID: 10010) (User: Dales-PC)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (09/26/2015 04:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (09/26/2015 04:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-09-27 02:35:39.886
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-27 01:52:17.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 23:32:09.948
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 20:49:28.476
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 19:57:14.380
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 18:06:48.740
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 17:59:16.302
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 16:53:39.802
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 16:19:41.017
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-09-26 15:43:30.298
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
    Percentage of memory in use: 59%
    Total physical RAM: 2936.88 MB
    Available physical RAM: 1198.14 MB
    Total Virtual: 5880.88 MB
    Available Virtual: 3313.47 MB

    ==================== Drives ================================

    Drive c: (Windows 8.1) (Fixed) (Total:232.88 GB) (Free:63.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EA270E9A)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  22. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Done. So far this appears to have done the trick. Thanks so much.

    If I may ask, how did you create the fixlist? Were the problems automatically flagged by FRST using its database, or did you or someone else have to manually scan the FRST scan log and add the lines to the fixlist.txt? Just thinking if it's automated I may be able to use this tool myself should the need arise in the future.

    Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by Administrator (2015-09-27 19:43:40) Run:1
    Running from C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
    Loaded Profiles: Administrator (Available Profiles: dale & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2273160904-4274275969-784373220-500\...\MountPoints2: {89bb100f-c06a-11e4-8293-001a7d0abf05} - "E:\Autoplay.exe" -auto
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
    ShortcutTarget: Core Temp.lnk -> C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe (No File)
    GroupPolicyScripts: Restriction <======= ATTENTION
    2015-02-13 17:20 - 2015-06-29 12:26 - 0005256 _____ () C:\Program Files (x86)\settings.dat
    2015-05-27 21:38 - 2015-05-27 21:45 - 0000539 _____ () C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences
    2015-02-08 23:42 - 2015-02-08 23:42 - 0118724 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS
    2015-02-08 23:42 - 2015-02-08 23:42 - 0000318 _____ () C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part
    2015-06-12 16:27 - 2015-06-12 16:27 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-12 10:43 - 2015-02-12 10:43 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement
    2015-02-17 20:38 - 2015-02-17 20:38 - 0000055 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
    2015-02-12 10:47 - 2015-07-25 18:40 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
    2015-02-12 10:44 - 2015-07-25 18:39 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
    2015-08-31 07:40 - 2015-08-31 07:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-05-05 18:14 - 2015-05-05 18:14 - 0010295 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag
    C:\Users\Administrator\AppData\Local\Temp\130876732864096387.exe
    C:\Users\Administrator\AppData\Local\Temp\13087673321430603253.exe
    C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Administrator\AppData\Local\Temp\proxy_vole1413000634955814965.dll
    C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll
    C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll
    C:\Users\Administrator\AppData\Local\Temp\sfareca00002.dll
    C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\Program Files (x86)\JumplistLauncher.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\Ckconfig.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\Ckrfresh.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\lsb_un20.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\MASetupCaller.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\MusiccityDownload.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\Setup_ck.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AdobePDF.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AdobePDFUI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BcmBtRSupport.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BootMan.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\btwdi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BtwRSupportService.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Ckldrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\coin97itp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Crypserv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CsrSecCoins.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EuEpmGdi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fbnative.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiB111.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hpinkinsB111.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hpinkstsB111LM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\jmcricon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\KAAPORT64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcnv4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcnv5.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcoin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcomc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcomm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcoms.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcu.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkcur.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkdrs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkhbn3.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkiesc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkih.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkinpa.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkjswr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbklmpm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkpmui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkpplc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkprox.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkserv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkusb1.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\lxbkvs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\M-AudioTaskBarIcon.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO5064.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO6064.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO2064.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\nvnusbaudio_coinst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\nvvsvc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtNicProp64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rtscan.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\TsWpfWrp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\VBoxNetFltNobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wiafbdrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ApowersoftScreenCapturing.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ApowersoftScreenCapturingFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ApowersoftVideoMixerFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BootMan.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dgderapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\drvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\epmntdrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\EuEpmGdi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\EuGdiDrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\jmcricon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkcfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkcoms.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkih.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\lxbkppls.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MASetupCleaner.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\MFC71ESP.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\muzapp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Olepau32.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pncrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Redemption.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setupempdrv03.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\swscale-lav-2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TAKDSDecoder.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TsWpfWrp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\bcbtums.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthav.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\btwampfl.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\csrusbfilter.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eksmidi.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eubakup.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\EUBKMON.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\eudskacs.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\EuFdDisk.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\jmcr.sys:$CmdTcID
     
  23. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKU\S-1-5-21-2273160904-4274275969-784373220-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bb100f-c06a-11e4-8293-001a7d0abf05}" => key removed successfully
    HKCR\CLSID\{89bb100f-c06a-11e4-8293-001a7d0abf05} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
    HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
    C:\ProgramData\Allmyapps\apps\18327\Core Temp.exe => not found.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Program Files (x86)\settings.dat => moved successfully
    C:\Users\Administrator\AppData\Roaming\DarkAdapted Preferences => moved successfully
    C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS => moved successfully
    C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part => moved successfully
    C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Administrator\AppData\Local\RawCopy.1.02.agreement => moved successfully
    C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir => moved successfully
    C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex => moved successfully
    C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    "C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag" => File/Folder not found.
    C:\Users\Administrator\AppData\Local\Temp\130876732864096387.exe => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\13087673321430603253.exe => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\proxy_vole1413000634955814965.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00001.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\sfamcc00002.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\sfareca00001.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\sfareca00002.dll => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe => moved successfully
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll => moved successfully
    "C:\WINDOWS\system32\Drivers\VBoxUSB.sys" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\Drivers\vrtaucbl.sys" => ":$CmdTcID" ADS not found.
    "C:\Users\Administrator\Cookies" => ":RxhZ9woyaG2Kyu070E6ze" ADS not found.
    C:\Users\Administrator\Desktop\Num_2._Art_4._Diane_Fromage.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Desktop\Run Explorer as System.bat" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\11760405_10153030110535679_1542847361_o.jpg => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\12337_Adv.part1.rar" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\12337_Adv.part1.rar => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\12337_Adv.part2.rar" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\12337_Adv.part2.rar => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\341.44-desktop-win8-win7-winvista-64bit-international-whql.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\6jx107ww.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\adwcleaner_4.207.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\adwcleaner_5.005.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\adwcleaner_5.005.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\adwcleaner_5.008.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\adwcleaner_5.008.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Amnesia - Mojito_Lite_feat._Tito_Nieves.mp3" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Amnesia - Mojito_Lite_feat._Tito_Nieves.mp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Andy_Android_Emulator_v44_10.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\avast-browser-cleanup-sfx.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\B00TFORUM8.htm => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Charge2_QSG_EN.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Charge2_SS_EN.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\ChromeSetup(1).exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\ChromeSetup(1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\ChromeSetup.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Cibo Matto-Spoon.mp3 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\cispremium_installer.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\cispremium_installer.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\epson378919eu.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\epson513359eu.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\epson513359eu.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(1).gp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro)(2).gp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Eric Clapton - Change The World (Pro).gp4 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp3 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Pro).gp5 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Eric Clapton - Old Love (Unplugged, 1992) (E. Matacena).mp3 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Eric Clapton - Old Love [MTV Unplugged] [vk.comsmfm_radio] (S. Afanasyev).mp3 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\FicheroCliente(1).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\FicheroCliente(1).pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\FicheroCliente(2).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\FicheroCliente(2).pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\FicheroCliente.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\FileFormatConverters.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\FileFormatConverters.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Flash_tool_for_Xperia_6.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\FRST64.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Administrator\Downloads\FRST64.exe" => ":$CmdZnID" ADS not found.
    "C:\Users\Administrator\Downloads\gapa.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\gapa.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\HitmanPro_x64(1).exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\HojaDeFirmas(1).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\HojaDeFirmas(1).pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\HojaDeFirmas.pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\HojaDeFirmas.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\interim-101-guidance-12-2014.PDF => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\JBL_CHARGE_2.7z => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\JDownloader2Setup(1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\JDownloader2Setup(2).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\JDownloader2Setup.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\jmb38x_windrv_r1.00.24_whql.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\JRT(1).exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\JRT(1).exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\JRT.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\jxpiinstall.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\manhunter.(1986).eng.1cd.(3546915).zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057 (1).exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Administrator\Downloads\mbam-setup-2.1.8.1057.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Administrator\Downloads\Movimiento_0" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Movimiento_0 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Movimiento_0(1)" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Movimiento_0(1) => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Movimiento_2 => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\net.pikanji.recentlyaddedcontacts-0.apk => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\NPE.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\phylock_ifw2.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\phylock_ifw2.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Pink-Tambourine.rar" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Pink-Tambourine.rar => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Pro027.xlsx => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(1).pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(2).pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm(3).pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Prosodic Typology Revisited_Adding Macro-Rhythm.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\QQ截图20150707110501.png => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\RogueKiller(1).exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\RogueKiller(1).exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\RogueKiller.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\RogueKiller.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\RogueKillerX64.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\RogueKillerX64.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22(1).pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\rq08074_7-28-2015_9-39-22.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\setup(1).exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\setup.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\setup.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\SkypeSetup.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\SkypeWebPlugin.msi" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\SkypeWebPlugin.msi => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Sony PC Companion_Web.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\SonyPCCompanion_Web.exe" => ":$CmdTcID" ADS not found.
    "C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Stemm - Face the Pain.mp3 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\subtersonic-_black_swamp_tambourine.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\sunpentown-sd-014v-dehumidifier-manual.pdf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Tambo by ahjteam EXAMPLE.midi => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Tambo by ahjteam README.rtf => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\Tambo by ahjteam.tci => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Tambo-by-ahjteam(1).zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Tambo-by-ahjteam.zip => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\test-ramp-1.jpg => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\third_year_progress_report_locked_2.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\UNED_ENGLISH 2015.pdf => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\UniversalAdbDriver.zip" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\UniversalAdbDriver.zip => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Update_Service_Setup-2.11.12.5.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\uTorrentPortable_3-4-3-40298_online-paf.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\uTorrentPortable_3.4.4.40911_online.paf.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Wax Tailor - Sometimes.mp3 => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.26.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe" => ":$CmdTcID" ADS not found.
    C:\Users\Administrator\Downloads\ytd-video-downloader-4-7-2-es-en-br-fr-de-it-ar-ru-nl-pl-gr-tr-win.exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\YTDSetup(1).exe => ":$CmdZnID" ADS removed successfully.
    C:\Users\Administrator\Downloads\YTDSetup.exe => ":$CmdZnID" ADS removed successfully.
    "C:\Users\Administrator\AppData\Local\30FDB2F6_stp.CIS.part" => ":$CmdTcID" ADS not found.
    C:\ProgramData\TEMP => ":4ABA35EE" ADS removed successfully.
    C:\ProgramData\TEMP => ":535FBEA2" ADS removed successfully.
    C:\ProgramData\TEMP => ":6DDED7D9" ADS removed successfully.
    C:\ProgramData\TEMP => ":89FAC91C" ADS removed successfully.
    C:\ProgramData\TEMP => ":CF08C48A" ADS removed successfully.
    C:\ProgramData\TEMP => ":DDCCB2FA" ADS removed successfully.
    C:\ProgramData\TEMP => ":E8BE05FA" ADS removed successfully.
    "C:\Users\dale\OneDrive" => ":ms-properties" ADS not found.


    The system needed a reboot..

    ==== End of Fixlog 19:43:53 ====
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good news :)
    I have to create each fixlist manually by looking through all log lines.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  25. Califauna

    Califauna TS Rookie Topic Starter Posts: 20

    Redirect returned. I am looking into whether the sync to my mobile caused the malware to be reloaded into my Firefox profile on the laptop. Will update on this and the Sophos scan results.
     
Topic Status:
Not open for further replies.
