Inactive Slow, and multiple iExplore.exe running

Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi :) Here are the MBAM logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/02/2015
Scan Time: 10:23:21
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.09.03
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452672
Time Elapsed: 32 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by JP at 11:21:50 on 2015-02-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3914.1467 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = about:blank
mSearch Page = www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Mobile Partner] C:\Program Files (x86)\MobileWiFi\MobileWiFi
uRun: [uTorrent] "C:\Users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
StartupFolder: C:\Users\JP.AS2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: RunStartupScriptSync = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.10
TCP: Interfaces\{18195D85-DB6B-4CD6-9C71-1E099F46D24B} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4CE61002-8F9A-42CE-AE4C-1339DB01F2DB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6DA6402A-60EE-4D57-A6A6-7C0FB71B9184} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8B612D1A-14FE-4336-ADC2-D9D8BE03B054} : DHCPNameServer = 192.168.9.1 192.168.9.1
TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323} : DHCPNameServer = 192.168.0.10
TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\459676562775966696 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} : DHCPNameServer = 10.20.30.8 10.20.30.19
TCP: Interfaces\{D29F7482-36AC-46A1-950D-8C57FF51E649} : DHCPNameServer = 192.168.0.10
TCP: Interfaces\{FF10FE80-CE43-4099-917D-CAEE3596CB84} : DHCPNameServer = 192.168.16.10
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
IFEO: mobilebroadband.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: mobilebroadband.exe - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\JP.AS2\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-12-9 76480]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-10-19 283064]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2014-9-15 118056]
R2 Evolution Freedom Service;Evolution Freedom Service;C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe [2014-6-27 338432]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2013-4-10 351824]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 315352]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-28 969016]
R2 MSSQL$SQLEXPRESS2008R2;SQL Server (SQLEXPRESS2008R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-17 5429520]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-11-18 912576]
R2 WinAutomation Service;WinAutomation Service;C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe [2011-1-25 166912]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [2014-8-4 72864]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-12-12 91648]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-21 450520]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-19 435240]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-1-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-1-28 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-28 63704]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-28 1871160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Hi-Rez Studios\HiPatchService.exe --> D:\Hi-Rez Studios\HiPatchService.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 SQLAgent$SQLEXPRESS2008R2;SQL Server Agent (SQLEXPRESS2008R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2014-12-12 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2014-12-12 14976]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2014-12-12 110592]
S3 huawei_cdcecm;huawei_cdcecm;C:\Windows\System32\drivers\ew_jucdcecm.sys [2014-12-12 77312]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2014-12-12 30720]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-8-4 169752]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 pikbd;Pluralinput Keyboard 0.8.6;C:\Windows\System32\drivers\pikbd.sys [2014-9-29 22880]
S3 pimou;Pluralinput Mouse 0.8.6;C:\Windows\System32\drivers\pimou.sys [2014-9-29 22880]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-8-21 14112]
S4 Evolution Mobile Service;Evolution Mobile Service;C:\Program Files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe [2014-5-20 269824]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 test;test;cmd /K start C:\Users\JP.AS2\Desktop\taskkil.txt --> cmd [?]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2013-8-29 2100024]
S4 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2012-10-15 8704]
.
=============== Created Last 30 ================
.
2015-02-09 05:59:04 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E2D3696-18DE-4C43-A1C5-0E93521495D3}\gapaengine.dll
2015-02-09 05:57:16 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2AD8641-E959-4D3E-AF80-A29345383876}\mpengine.dll
2015-02-05 13:27:39 -------- d-----w- C:\Users\JP.AS2\AppData\Local\CrashDumps
2015-02-05 08:37:24 -------- d-----w- C:\Users\JP.AS2\AppData\Roaming\FabFilter
2015-02-05 08:23:20 1597440 ----a-w- C:\FabFilter Volcano 2.dpm
2015-02-05 08:23:19 -------- d-----w- C:\Program Files (x86)\FabFilter
2015-02-05 08:14:39 -------- d-----w- C:\ProgramData\RAW
2015-02-05 08:14:39 -------- d-----w- C:\Program Files (x86)\Rob Papen
2015-02-05 06:20:44 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-04 14:44:47 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-02-04 14:44:46 -------- d-----w- C:\ProgramData\RogueKiller
2015-02-04 14:44:35 -------- d-----w- C:\TDSSKiller_Quarantine
2015-02-03 07:29:21 -------- d-----w- C:\AdwCleaner
2015-01-28 12:54:28 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-28 12:54:00 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-28 12:54:00 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-28 12:54:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-28 12:54:00 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-28 12:54:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-27 09:37:00 94320 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2015-01-27 09:37:00 922168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2015-01-27 09:37:00 91032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2015-01-27 09:37:00 73816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-27 09:37:00 34016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-01-27 09:37:00 273008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2015-01-27 09:37:00 27133040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2015-01-27 09:37:00 227704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-01-27 09:37:00 220784 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2015-01-27 09:37:00 150128 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2015-01-26 12:42:54 -------- d-----w- C:\Users\JP.AS2\AppData\Roaming\calibre
2015-01-26 12:14:12 -------- d-----w- C:\Program Files (x86)\EPUB Converter Tool
2015-01-16 06:25:19 -------- d-----w- C:\New folder
2015-01-11 11:07:17 68 ----a-w- C:\on.bat
.
==================== Find3M ====================
.
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-20 16:44:40 931008 ----a-w- C:\Windows\System32\vnetlib64.dll
2014-11-20 16:44:38 66752 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2014-11-20 16:44:38 438464 ----a-w- C:\Windows\SysWow64\vmnat.exe
2014-11-20 16:44:38 26816 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2014-11-20 16:44:26 359104 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2014-11-20 16:44:20 81088 ----a-w- C:\Windows\System32\vmnetbridge.dll
2014-11-20 16:44:20 49856 ----a-w- C:\Windows\System32\vnetinst.dll
2014-11-20 16:44:20 48832 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2014-11-20 16:44:20 28864 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2014-11-20 16:44:20 27328 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2014-11-20 16:44:16 33472 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2014-11-18 06:04:10 55488 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2014-11-17 15:38:44 68288 ----a-w- C:\Windows\System32\vsocklib.dll
2014-11-17 15:38:42 76480 ----a-w- C:\Windows\System32\drivers\vsock.sys
2014-11-17 15:38:42 64192 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2014-11-17 15:38:40 85584 ----a-w- C:\Windows\System32\drivers\vmci.sys
.
============= FINISH: 11:23:19.77 ===============
 
attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04/08/2014 10:41:58
System Uptime: 09/02/2015 11:05:42 (0 hours ago)
.
Motherboard: Acer | | EA50_HC_CR
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz | U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 199 GiB total, 6.793 GiB free.
D: is FIXED (NTFS) - 500 GiB total, 4.001 GiB free.
E: is CDROM ()
F: is CDROM ()
Z: is NetworkDisk (NTFS) - 731 GiB total, 228.477 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_1BCF&PID_2C18&MI_00\7&22116BC6&0&0000
Manufacturer: Microsoft
Name: HD WebCam
PNP Device ID: USB\VID_1BCF&PID_2C18&MI_00\7&22116BC6&0&0000
Service: usbvideo
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_14E4&DEV_16BE&SUBSYS_06471025&REV_10\4&2B026579&0&02E0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_14E4&DEV_16BE&SUBSYS_06471025&REV_10\4&2B026579&0&02E0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_14E4&DEV_16BF&SUBSYS_06471025&REV_10\4&2B026579&0&03E0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_14E4&DEV_16BF&SUBSYS_06471025&REV_10\4&2B026579&0&03E0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5BWB222 Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0034&SUBSYS_E052105B&REV_01\4&1B6B0519&0&00E1
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5BWB222 Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_0034&SUBSYS_E052105B&REV_01\4&1B6B0519&0&00E1
Service: athr
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_064B1025&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_064B1025&REV_04\3&11583659&0&B0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP122: 09/02/2015 10:18:46 - pre-set
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
ARC System 2 version 2.2.0
ASIO4ALL
AutoHotkey 1.0.48.05
Broadcom NetLink Controller
Cableguys FilterShaper 3.1.6
CamStudio 2.7.2
Cisco WebEx Meetings
Convert EPUB to PDF 6.6.0
Counter-Strike 1.0
Crystal Reports Basic Runtime for Visual Studio 2008
DAEMON Tools Lite
Dropbox
EitherMouse 0.5988
Evolution Freedom Service
Evolution Mobile Service
FabFilter Volcano v2.03
FL Studio 11
FL Studio 11.5
FlowStone FL 3.0
Foxit Reader
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IK Multimedia Authorization Manager version 1.0.9
IL Download Manager
IL Harmor
IL Shared Libraries
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
iZotope Trash 2
K-Lite Mega Codec Pack 10.6.0
KORG KONTROL Editor
Lennar Digital Sylenth VSTi v1.2.1
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft IntelliPoint 8.2
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Web Platform Installer 2.0
Microsoft Word MUI (English) 2013
MobileWiFi
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
Native Instruments - Kore 2 Controller
Native Instruments Kore 2
Native Instruments Massive
Native Instruments Service Center
Ohm Force - Ohmicide VST
OpenAL
Outils de vérification linguistique 2013 de Microsoft Office - Français
Pastel Evolution (6.50.85)
Pastel Evolution (6.60.84)
Pastel Evolution (6.81.48)
Pastel Evolution (6.81.51)
Pastel Evolution Business Intelligence Centre
Pastel Evolution Cash Manager
Pastel Evolution Inventory Issue
Pastel Evolution Mobile Sales
Pluralinput
Polygon version 1.0
Quake Live
Qualcomm Atheros WiFi Driver Installation
Race Driver Grid
RecoveryFix for BKF Evaluation Ver 4.02.01
Sage Evolution (6.82.65)
Sage Evolution (6.82.67)
Sage Evolution (6.82.81)
Sage Evolution (7.00.174)
Sage Evolution (7.00.195)
Sage Evolution (7.00.198)
Sage Evolution (7.00.204)
Sage Evolution (7.00.207)
Sage Evolution Advanced Procurement
Sage Evolution Alert Management
Sage Evolution Debtors Manager
Sage Evolution Delivery Management
Sage Evolution Global Tax
Sage Evolution Intelligence Reporting
Sage Evolution Inventory Issue
Sage Evolution Inventory Optimisation
Sage Evolution Mobile Sales
Sage Evolution Outlook Add-in
Sage Evolution Service Manager
Sage Evolution Voucher Management
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
Schaack Audio Technologies Transient Shaper VST v2.04
Skype™ 7.0
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Management Studio
Sql Server Customer Experience Improvement Program
Steam
Stutter Edit Expansion 1
Stutter Edit Expansion 2
TeamPlayer 2.2.0
TeamSpeak 3 Client
TeamViewer 10
TeraCopy 2.3
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Virtual DJ Pro Full - Atomix Productions
VLC media player 1.1.9
VMware Player
Vodafone Mobile Broadband
Warface Launcher (Beta)
Waves Complete V9r21
Winamp
WinAutomation
Windows Small Business Server 2011 Standard ClientAgent
Windows Small Business Server 2011 Standard WMI Provider
WinRAR 5.00 beta 8 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
09/02/2015 11:08:00, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/02/2015 11:01:09, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
09/02/2015 08:31:50, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
09/02/2015 07:45:33, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain AS2 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
08/02/2015 17:47:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.4085.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
08/02/2015 17:41:09, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
08/02/2015 17:37:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.191.4085.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
08/02/2015 17:37:11, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
07/02/2015 15:15:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
06/02/2015 16:11:08, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
05/02/2015 12:43:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/02/2015 12:43:03, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
05/02/2015 12:42:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
05/02/2015 08:26:12, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.110, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
05/02/2015 08:08:20, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
.
==== End Of File ===========================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
*-*-* In Descending order *-*-* RKreport_DEL_02102015_163608.log

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JP [Administrator]
Mode : Delete -- Date : 02/10/2015 16:36:08

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 13 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Replaced (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 1 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 1 -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FIREFX:Addon] 8uy6i9ye.default : Battlefield Play4Free [battlefieldplay4free@ea.com] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
--- User ---
[MBR] 5425fba6f519b39071d0f4b6a4d379ca
[BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log - RKreport_SCN_02102015_163406.log - RKreport_DEL_02102015_163521.log
RKreport_DEL_02102015_163542.log
 
RKreport_DEL_02102015_163542.log


RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JP [Administrator]
Mode : Delete -- Date : 02/10/2015 16:35:42

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 13 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
--- User ---
[MBR] 5425fba6f519b39071d0f4b6a4d379ca
[BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log - RKreport_SCN_02102015_163406.log - RKreport_DEL_02102015_163521.log
 
RKreport_DEL_02102015_163521.log

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JP [Administrator]
Mode : Delete -- Date : 02/10/2015 16:35:21

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 13 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
--- User ---
[MBR] 5425fba6f519b39071d0f4b6a4d379ca
[BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log - RKreport_SCN_02102015_163406.log
 
RKreport_SCN_02102015_163406.log

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JP [Administrator]
Mode : Scan -- Date : 02/10/2015 16:34:06

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe(7148) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(5652) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 13 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A902A7FD-8296-43DE-B849-2DD8FAEAD097} | DhcpNameServer : 10.20.30.8 10.20.30.19 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 ATA Device +++++
--- User ---
[MBR] 5425fba6f519b39071d0f4b6a4d379ca
[BSP] 95e5e9219f45e49bf13c080a11a9cb95 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 203302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 416569344 | Size: 512000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02042015_165229.log - RKreport_SCN_02042015_165123.log
 
MBAR log:

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.10.08
rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
JP :: JP-PC [administrator]

10/02/2015 16:50:38
mbar-log-2015-02-10 (16-50-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 452272
Time elapsed: 27 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
System log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4104499200, free: 1931661312

Downloaded database version: v2015.02.10.08
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4104499200, free: 2039607296

Downloaded database version: v2015.02.10.08
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
02/10/2015 16:50:05
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.02.10.08
rootkit: v2015.02.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800502c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800502cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800502c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a06060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E865E392

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 416362496

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 416569344 Numsec = 1048576000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Thank you sir :)

Here are my logs for ComboFix:

ComboFix 15-03-01.01 - JP 02/03/2015 17:16:20.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3914.2463 [GMT 2:00]
Running from: c:\users\JP.AS2\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\UniDeealsa
c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.dat
c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.exe
c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.tlb
c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.x64.dll
c:\programdata\ntuser.pol
c:\users\JP.AS2\AppData\Local\assembly\tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\80509.dat
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\tmp276D.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_test
.
.
((((((((((((((((((((((((( Files Created from 2015-02-02 to 2015-03-02 )))))))))))))))))))))))))))))))
.
.
2015-03-02 15:28 . 2015-03-02 15:28 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\JP~AS2\AppData\Local\temp
2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\netadmin\AppData\Local\temp
2015-03-02 15:23 . 2015-03-02 15:23 -------- d-----w- c:\users\JP\AppData\Local\temp
2015-03-02 14:57 . 2015-03-02 14:57 -------- d-----w- C:\CSV
2015-03-02 14:52 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E95EA3E-72B4-44D8-B30B-8244EC003E24}\mpengine.dll
2015-03-02 06:07 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-25 11:42 . 2015-02-25 11:42 -------- d-----w- c:\users\JP.AS2\AppData\Local\TechSmith
2015-02-25 11:40 . 2015-02-25 11:40 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2015-02-25 11:39 . 2015-02-25 11:39 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2015-02-25 11:38 . 2015-02-25 11:38 -------- d-----w- c:\programdata\TechSmith
2015-02-25 11:38 . 2015-02-25 11:38 -------- d-----w- c:\program files (x86)\TechSmith
2015-02-20 14:10 . 2015-02-20 14:10 -------- d-----w- c:\users\JP.AS2\AppData\Local\AskPartnerNetwork
2015-02-20 14:10 . 2015-02-20 14:10 -------- d-----w- c:\programdata\AskPartnerNetwork
2015-02-20 14:10 . 2015-02-20 14:10 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2015-02-20 14:09 . 2015-02-20 14:09 -------- d-----w- c:\programdata\APN
2015-02-20 14:09 . 2015-02-20 14:09 -------- d-----w- c:\programdata\YTD Video Downloader
2015-02-20 14:08 . 2015-02-20 14:08 -------- d-----w- c:\program files (x86)\GreenTree Applications
2015-02-19 07:18 . 2015-02-19 07:18 -------- d-----w- c:\programdata\AMMYY
2015-02-16 06:34 . 2015-02-16 06:34 -------- d-----w- c:\users\JP.AS2\AppData\Local\Geckofx
2015-02-16 06:28 . 2015-02-16 06:28 -------- d-----w- c:\program files (x86)\eReflect
2015-02-16 06:28 . 2015-02-16 06:31 -------- d-----w- c:\programdata\Ultimate Vocabulary
2015-02-16 06:24 . 2015-02-16 06:24 -------- d-----w- c:\users\JP.AS2\AppData\Roaming\eReflect
2015-02-14 05:10 . 2015-02-14 05:10 -------- d-----w- c:\program files\Common Files\Steinberg
2015-02-14 05:10 . 2015-02-14 05:11 -------- d-----w- c:\program files\Sugar Bytes
2015-02-12 11:00 . 2015-02-12 12:34 -------- d-----w- c:\users\JP.AS2\AppData\Local\Free YouTube Downloader
2015-02-12 10:59 . 2015-02-12 10:59 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
2015-02-12 07:54 . 2015-02-12 07:54 -------- d-----w- c:\program files (x86)\UNiDEals o
2015-02-10 18:14 . 2015-02-10 18:14 -------- d-----w- c:\program files (x86)\MP3Diags-unstable
2015-02-10 14:50 . 2015-02-10 15:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-09 05:59 . 2014-09-16 17:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E2D3696-18DE-4C43-A1C5-0E93521495D3}\gapaengine.dll
2015-02-05 13:27 . 2015-03-02 06:16 -------- d-----w- c:\users\JP.AS2\AppData\Local\CrashDumps
2015-02-05 08:37 . 2015-02-05 08:37 -------- d-----w- c:\users\JP.AS2\AppData\Roaming\FabFilter
2015-02-05 08:23 . 2009-03-18 18:23 1597440 ----a-w- C:\FabFilter Volcano 2.dpm
2015-02-05 08:23 . 2015-02-05 08:23 -------- d-----w- c:\program files (x86)\FabFilter
2015-02-05 08:14 . 2015-02-05 08:14 -------- d-----w- c:\programdata\RAW
2015-02-05 08:14 . 2015-02-05 08:14 -------- d-----w- c:\program files (x86)\Rob Papen
2015-02-04 14:44 . 2015-02-10 14:13 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-04 14:44 . 2015-02-04 14:44 -------- d-----w- c:\programdata\RogueKiller
2015-02-04 14:44 . 2015-02-04 14:44 -------- d-----w- C:\TDSSKiller_Quarantine
2015-02-03 07:29 . 2015-02-03 07:31 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-02 13:57 . 2015-01-28 12:54 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-16 08:59 . 2014-08-04 17:53 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-16 08:59 . 2014-08-04 17:53 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-11 06:36 . 2015-02-11 06:38 14804709 ----a-w- C:\StiegelMeyer_110214.zip
2015-02-10 14:49 . 2015-01-28 12:54 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-11 11:08 . 2015-01-11 11:07 68 ----a-w- C:\on.bat
2015-01-08 15:36 . 2015-01-09 06:02 150080131 ----a-w- C:\3streams smokehouse.zip
2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:33 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\MobileWiFi\MobileWiFi" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"uTorrent"="c:\users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe" [2014-12-01 1385808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2015-02-04 1980824]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2014-01-15 394096]
.
c:\users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files (x86)\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2012-10-1 158344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=KORGUM64.DRV
"midi3"=KORGUM64.DRV
"midi4"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SQLAgent$SQLEXPRESS2008R2;SQL Server Agent (SQLEXPRESS2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [x]
R2 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pikbd;Pluralinput Keyboard 0.8.6;c:\windows\system32\DRIVERS\pikbd.sys;c:\windows\SYSNATIVE\DRIVERS\pikbd.sys [x]
R3 pimou;Pluralinput Mouse 0.8.6;c:\windows\system32\DRIVERS\pimou.sys;c:\windows\SYSNATIVE\DRIVERS\pimou.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 Evolution Mobile Service;Evolution Mobile Service;c:\program files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe;c:\program files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 Evolution Freedom Service;Evolution Freedom Service;c:\program files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe;c:\program files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MSSQL$SQLEXPRESS2008R2;SQL Server (SQLEXPRESS2008R2);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:47 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:47 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:47 2322576 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi2"=KORGUM64.DRV
"midi3"=KORGUM64.DRV
"midi4"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.10
TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}: DhcpNameServer = 192.168.0.10
TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\459676562775966696: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\54368616C61627026496378696E676: DhcpNameServer = 10.0.0.2
TCP: Interfaces\{949FFFF9-2DA6-46F5-9614-8DC7D5035323}\64275646469656: DhcpNameServer = 10.0.0.2
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73} - c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.dll
BHO-{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73} - c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.x64.dll
AddRemove-Native Instruments - Kore 2 Controller - c:\program files (x86)\Native Instruments\Kore 2 Controller\uninst.exe Software\Native Instruments\Kore 2 Controller\Setup
AddRemove-{11F6D5AB-263F-388E-74DE-E3DECD390E3F} - c:\program files (x86)\UniDeealsa\r72tBS7d0rw9oq.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2015-03-02 17:32:46 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-02 15:32
.
Pre-Run: 7,484,006,400 bytes free
Post-Run: 5,047,242,752 bytes free
.
- - End Of File - - 9CA0826F8F8D70802BE951CB0C5FF499
A36C5E4F47E84449FF07ED3517B43A31
 
Running from: c:\users\JP.AS2\Downloads\ComboFix.exe
Please move Combofix to proper location (Desktop).

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Here is the AdwCleaner log:

# AdwCleaner v4.111 - Logfile created 04/03/2015 at 08:21:41
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : JP - JP-PC
# Running from : C:\Users\JP.AS2\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Program Files (x86)\UNiDEals o

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\JP.AS2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_.P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_
Key Deleted : HKLM\SOFTWARE\Classes\P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_.P0c8b4c42_6da8_42aa_a225_1f91e7c6ad73_.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0c8b4c42-6da8-42aa-a225-1f91e7c6ad73}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Description
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2722 bytes] - [03/02/2015 09:29:25]
AdwCleaner[R1].txt - [2775 bytes] - [04/03/2015 08:19:37]
AdwCleaner[S0].txt - [2790 bytes] - [03/02/2015 09:31:32]
AdwCleaner[S1].txt - [2759 bytes] - [04/03/2015 08:21:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2818 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by JP on 04/03/2015 at 8:34:52.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Failed to delete: [Folder] "C:\Users\JP.AS2\AppData\Roaming\moters"
Successfully deleted: [Folder] "C:\Users\JP.AS2\appdata\local\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"



~~~ FireFox

Successfully deleted: [File] C:\Users\JP.AS2\AppData\Roaming\mozilla\firefox\profiles\8uy6i9ye.default\searchplugins\ask-search.xml
Successfully deleted the following from C:\Users\JP.AS2\AppData\Roaming\mozilla\firefox\profiles\8uy6i9ye.default\prefs.js

user_pref("extensions.xpiState", "{\"app-profile\":{\"toolbar_SGT1-SP@apn.ask.com\":{\"d\":\"C:\\\\Users\\\\JP.AS2\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\8
Emptied folder: C:\Users\JP.AS2\AppData\Roaming\mozilla\firefox\profiles\8uy6i9ye.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2015 at 8:37:01.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
***Part1***

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by JP (administrator) on JP-PC on 04-03-2015 08:48:29
Running from C:\Users\JP.AS2\Downloads
Loaded Profiles: JP (Available profiles: Netadmin & JP & JP)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Sage Pastel) C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(KORG Inc.) C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Softomotive) C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\JP.AS2\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394096 2014-01-16] (KORG Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Run: [uTorrent] => C:\Users\JP.AS2\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-12-01] (BitTorrent Inc.)
Startup: C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1913415371-4241227638-503936330-1202\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1913415371-4241227638-503936330-1202\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.10

FireFox:
========
FF ProfilePath: C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/wpi,version=1.0 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.1 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\JP.AS2\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Search App by Ask - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\toolbar_SGT1-SP@apn.ask.com.xpi [2015-02-06]
FF Extension: Download Status Bar - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-27]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-02-27]
FF Extension: Adblock Plus - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-04]
FF Extension: DownThemAll! - C:\Users\JP.AS2\AppData\Roaming\Mozilla\Firefox\Profiles\8uy6i9ye.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Evolution Freedom Service; C:\Program Files (x86)\Sage Pastel Evolution\Freedom Service\Freedom.ServiceHost.exe [338432 2014-06-27] (Sage Pastel) [File not signed]
S4 Evolution Mobile Service; C:\Program Files (x86)\Sage Pastel Evolution\Evolution Mobile Service\SageService.SelfHost.exe [269824 2014-05-20] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-04-10] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-08-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS2008R2\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-29] (TuneUp Software)
S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-10-15] (Vodafone) [File not signed]
R2 WinAutomation Service; C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe [166912 2011-01-27] (Softomotive) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-19] (Disc Soft Ltd)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2014-01-16] (KORG INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [22880 2013-11-30] (Christian Gulden)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [22880 2013-11-30] (Christian Gulden)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2014-11-17] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
***Part2***



==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 08:44 - 2015-03-04 08:48 - 00013528 _____ () C:\Users\JP.AS2\Downloads\FRST.txt
2015-03-04 08:44 - 2015-03-04 08:44 - 00033188 _____ () C:\Users\JP.AS2\Downloads\Addition.txt
2015-03-04 08:43 - 2015-03-04 08:48 - 00000000 ____D () C:\FRST
2015-03-04 08:37 - 2015-03-04 08:37 - 00001485 _____ () C:\Users\JP.AS2\Desktop\JRT.txt
2015-03-04 08:16 - 2015-03-04 08:16 - 02092544 _____ (Farbar) C:\Users\JP.AS2\Downloads\FRST64(1).exe
2015-03-04 08:15 - 2015-03-04 08:16 - 02126848 _____ () C:\Users\JP.AS2\Downloads\adwcleaner_4.111.exe
2015-03-04 08:15 - 2015-03-04 08:15 - 01388333 _____ (Thisisu) C:\Users\JP.AS2\Downloads\JRT(1).exe
2015-03-03 17:45 - 2015-03-03 17:45 - 00010037 _____ () C:\Users\JP.AS2\Desktop\Three Streams Timesheet - 03-03-2015.xlsx
2015-03-03 17:29 - 2015-03-03 17:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Datsik - Release Me (Remixes)
2015-03-03 14:20 - 2015-03-03 14:20 - 00033712 _____ () C:\Users\JP.AS2\Downloads\Glitch 2013 Psy Bass1.FXP
2015-03-03 14:19 - 2015-03-03 14:19 - 00089134 _____ () C:\Users\JP.AS2\Downloads\Drishti Trancegates.fxb
2015-03-03 14:18 - 2015-03-03 14:18 - 00193236 _____ () C:\Users\JP.AS2\Downloads\Bass.fxp
2015-03-03 14:18 - 2015-03-03 14:18 - 00093282 _____ () C:\Users\JP.AS2\Downloads\squelch 2.flp
2015-03-03 14:18 - 2015-03-03 14:18 - 00055550 _____ () C:\Users\JP.AS2\Downloads\squelch.flp
2015-03-03 13:52 - 2015-03-03 13:52 - 00516276 _____ () C:\Users\JP.AS2\Downloads\The Psy Producers Forum Beginners Bank V3 (Sylenth 26_01_15)(1).fxb
2015-03-03 13:10 - 2015-03-03 13:10 - 00052149 _____ () C:\Users\JP.AS2\Downloads\Salmon.zip
2015-03-03 11:08 - 2015-03-03 11:08 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Smokehouse
2015-03-03 11:07 - 2015-03-03 11:07 - 00123216 _____ () C:\Users\JP.AS2\Downloads\Smokehouse.zip
2015-03-03 09:58 - 2015-03-03 09:58 - 00803118 _____ () C:\Users\JP.AS2\Downloads\15 likes! FLP.zip
2015-03-02 17:32 - 2015-03-02 17:32 - 00025636 _____ () C:\ComboFix.txt
2015-03-02 17:14 - 2015-03-02 17:32 - 00000000 ____D () C:\Qoobox
2015-03-02 17:14 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-02 17:14 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-02 17:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-02 17:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-02 17:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-02 17:14 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-02 17:14 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-02 17:14 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-02 17:13 - 2015-03-02 17:31 - 00000000 ____D () C:\Windows\erdnt
2015-03-02 16:57 - 2015-03-02 16:57 - 00000000 ____D () C:\CSV
2015-03-02 16:02 - 2015-03-02 16:02 - 100393835 _____ () C:\Users\JP.AS2\Documents\KILLER WORKOUT MOTIVATION (HD) 720P.mp4
2015-03-02 15:53 - 2015-03-02 15:53 - 101778699 _____ () C:\Users\JP.AS2\Documents\BEST MOTIVATION TO WORKOUT !!!.mp4
2015-03-02 15:49 - 2015-03-02 15:50 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\JP.AS2\Downloads\rkill.exe
2015-03-02 15:47 - 2015-03-02 15:49 - 05612482 ____R (Swearware) C:\Users\JP.AS2\Desktop\ComboFix.exe
2015-03-02 15:38 - 2015-03-02 15:38 - 49340832 _____ () C:\Users\JP.AS2\Documents\Astounding Workout ART (HD).mp4
2015-03-02 15:37 - 2015-03-02 15:37 - 48427688 _____ () C:\Users\JP.AS2\Documents\Pure Motivation!.mp4
2015-02-28 16:37 - 2015-03-02 17:06 - 00000499 _____ () C:\Users\JP.AS2\Desktop\blo.txt
2015-02-27 17:27 - 2015-02-27 17:27 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Dirtyphonics - Write Your Future EP (2015)
2015-02-27 15:16 - 2015-02-27 15:17 - 04812800 _____ () C:\Users\JP.AS2\Downloads\Workgroup
2015-02-27 10:39 - 2015-02-27 10:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Jack Ü – Take Ü There (Remixes)
2015-02-27 10:13 - 2015-02-27 10:13 - 29668214 _____ () C:\Users\JP.AS2\Downloads\2015-02 pack.rar
2015-02-27 10:12 - 2015-02-27 10:12 - 00091643 _____ () C:\Users\JP.AS2\Downloads\2015-02+pack.rar.html
2015-02-27 09:27 - 2015-02-27 09:27 - 00000064 _____ () C:\Users\JP.AS2\Desktop\cc.txt
2015-02-27 09:11 - 2015-02-27 09:12 - 18105857 ____R () C:\Users\JP.AS2\Downloads\Guitar Rig 4 Presets.rar
2015-02-27 09:07 - 2015-02-27 13:49 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Bong – Drop Your Head (2014) [UPA007] [GLITCH HOP, D&B, DUBSTEP] [EDM RG]
2015-02-27 09:07 - 2015-02-27 09:08 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Bong – Savage (2014) [SBHM035]
2015-02-27 09:00 - 2015-02-27 09:00 - 00008373 _____ () C:\Users\JP.AS2\Desktop\freesoundclouddownloader.zip
2015-02-27 08:55 - 2015-02-27 08:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Vikings.S03E02.HDTV.x264-KILLERS[ettv]
2015-02-27 08:39 - 2014-08-09 06:32 - 00398335 _____ () C:\Users\JP.AS2\Downloads\DJMFilterPC.zip
2015-02-27 08:39 - 2013-11-25 00:55 - 00412366 _____ () C:\Users\JP.AS2\Downloads\DimExpVSTPC.zip
2015-02-27 08:39 - 2011-09-01 18:38 - 00563873 _____ () C:\Users\JP.AS2\Downloads\OP1DrumUtilityPC_101.zip
2015-02-27 08:39 - 2011-08-30 03:15 - 00327116 _____ () C:\Users\JP.AS2\Downloads\MIDIShiftArrayVSTPC.zip
2015-02-27 08:38 - 2015-01-26 01:02 - 01052960 _____ () C:\Users\JP.AS2\Downloads\Install_Xfer_OTT.exe
2015-02-27 08:38 - 2013-11-24 11:49 - 00374755 _____ () C:\Users\JP.AS2\Downloads\DeltaModulatorPC.zip
2015-02-26 17:08 - 2015-02-26 17:11 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Datsik-Down_For_My_Ninjas_EP--WEB-2014
2015-02-26 16:33 - 2015-03-03 17:32 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS.Nutty.T.Z3ta.Hardstyle.SoundBank-AMPLiFY
2015-02-26 16:32 - 2015-02-26 16:33 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Vandalism - Kick Me (WAV)
2015-02-26 16:30 - 2015-02-26 16:30 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS Heavy Bass NI Massive Soundset
2015-02-26 16:29 - 2015-02-26 16:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Vandalism.Just.Before.The.Drop
2015-02-26 16:28 - 2015-02-26 16:28 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS NI Massive Electro Soundset
2015-02-26 16:10 - 2015-02-26 16:10 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DanceMidiSamples Darwins Piano Sessions Vol.1 & Vol.2
2015-02-26 16:08 - 2015-02-26 16:08 - 00022226 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4636402.torrent
2015-02-26 16:08 - 2015-02-26 16:08 - 00020398 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4782641.torrent
2015-02-26 16:06 - 2015-02-26 16:06 - 00018719 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4513555.torrent
2015-02-26 16:06 - 2015-02-26 16:06 - 00015703 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4679021.torrent
2015-02-26 16:04 - 2015-02-26 16:11 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Mechanimal Psytrance Samples Vol 1
2015-02-26 16:03 - 2015-02-26 16:03 - 00035691 _____ () C:\Users\JP.AS2\Downloads\uc.htm
2015-02-26 16:00 - 2015-02-26 16:00 - 00027209 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3745574.torrent
2015-02-26 15:59 - 2015-02-26 15:59 - 00054495 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t2620943.torrent
2015-02-26 15:59 - 2015-02-26 15:59 - 00004705 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3439909.torrent
2015-02-26 15:59 - 2015-02-26 15:59 - 00003070 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3738934.torrent
2015-02-26 15:59 - 2015-02-26 15:59 - 00000504 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3684345.torrent
2015-02-26 15:58 - 2015-02-26 16:08 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DanceMidiSamples.Beetz.n.Bobz.Insanity.FX.WAV-ASSiGN
2015-02-26 15:58 - 2015-02-26 16:06 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS Hardstyle Manipulation Vol 1
2015-02-26 15:58 - 2015-02-26 16:03 - 00000000 ____D () C:\Users\JP.AS2\Downloads\NuBorn.PsyTrance
2015-02-26 15:58 - 2015-02-26 15:58 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS Mashed-Up Dance Vocals
2015-02-26 15:57 - 2015-02-26 15:57 - 00102397 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t2425592.torrent
2015-02-26 15:57 - 2015-02-26 15:57 - 00063551 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3629952.torrent
2015-02-26 15:57 - 2015-02-26 15:57 - 00034161 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t2473423.torrent
2015-02-26 15:57 - 2015-02-26 15:57 - 00021877 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3465985.torrent
2015-02-26 15:57 - 2015-02-26 15:57 - 00019118 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4692908.torrent
2015-02-26 15:57 - 2015-02-26 15:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\DMS - Trance Bundle MIDI
2015-02-26 15:56 - 2015-02-26 15:56 - 00035856 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3757386.torrent
2015-02-26 15:56 - 2015-02-26 15:56 - 00034783 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3760099.torrent
2015-02-26 15:56 - 2015-02-26 15:56 - 00033978 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3409779(1).torrent
2015-02-26 15:55 - 2015-02-26 16:13 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Dms - Mechanimal Psytrance Samples Vol.2
2015-02-26 15:55 - 2015-02-26 15:55 - 00033978 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3409779.torrent
2015-02-26 15:37 - 2015-02-26 15:37 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soundcloud Playlist Downloader
2015-02-26 15:31 - 2014-11-21 22:50 - 19195346 _____ () C:\Users\JP.AS2\Downloads\Invective MW EvilEpic.wav
2015-02-26 14:10 - 2014-12-26 09:04 - 183908813 _____ () C:\Users\JP.AS2\Downloads\ums18.PlugInGuru.MegaWav.Combo.rar
2015-02-26 13:35 - 2015-02-26 14:05 - 62209288 _____ () C:\Users\JP.AS2\Downloads\ums18.PlugInGuru.MegaWav.Combo.rar.part
2015-02-26 11:49 - 2015-02-26 11:49 - 117501954 _____ () C:\Users\JP.AS2\Documents\Making Of _The Prodigy's Firestarter_ by Jim Pavloff in Ableton Live.mp4
2015-02-26 11:47 - 2015-02-26 11:47 - 56788480 _____ () C:\Users\JP.AS2\Documents\Making of _The Prodigy - Voodoo People_ in Ableton by Jim Pavloff.mp4
2015-02-26 11:46 - 2015-02-26 11:46 - 42389456 _____ () C:\Users\JP.AS2\Documents\Making of _The Prodigy - Smack My ***** Up_ in Ableton by Jim Pavloff.mp4
2015-02-26 09:59 - 2015-02-26 10:00 - 00078042 _____ () C:\Users\JP.AS2\Desktop\Job Quotation MCM_pre.rtm
2015-02-25 16:03 - 2015-02-25 16:04 - 00070126 _____ () C:\Users\JP.AS2\Desktop\Job card.rtm
2015-02-25 15:19 - 2015-02-25 15:19 - 00030740 _____ () C:\Users\JP.AS2\Downloads\[limetorrents.cc]Datzme.–.Nihilism.EP..2014..[HAR291].[ELECTRO.HOUSE..DUBST.torrent
2015-02-25 15:15 - 2015-02-25 15:16 - 39921532 _____ () C:\Users\JP.AS2\Downloads\Against Humanity - Saqqarah Remix Stems.zip
2015-02-25 14:52 - 2015-02-25 14:52 - 143385882 _____ () C:\Users\JP.AS2\Documents\POWER_RANGERS.mp4
2015-02-25 13:43 - 2015-02-25 13:43 - 00003788 _____ () C:\Windows\System32\Tasks\TechSmith Updater
2015-02-25 13:42 - 2015-02-25 13:42 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\TechSmith
2015-02-25 13:41 - 2015-02-25 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-02-25 13:38 - 2015-02-25 13:38 - 00000000 ____D () C:\ProgramData\TechSmith
2015-02-25 13:38 - 2015-02-25 13:38 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-02-25 13:23 - 2015-02-25 13:25 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Techsmith Snagit v12.2.2 Build 2107 Final Eng_Rus
2015-02-25 13:22 - 2015-02-25 13:22 - 00013652 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4920863.torrent
2015-02-25 10:19 - 2015-02-25 10:21 - 00000000 ____D () C:\Users\JP.AS2\Downloads\English Pronunciation Books and Audio books Collection - Mantesh
2015-02-25 09:01 - 2015-02-26 15:43 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Ableton Live 9 Suite 9.1.3 (Win 64 bit) (patch - io) [ChingLiu]
2015-02-25 08:40 - 2015-02-25 08:40 - 176078321 _____ () C:\Users\JP.AS2\Documents\Dragon Ball Z_ Light of Hope - Pilot.mp4
2015-02-24 20:06 - 2015-02-24 20:06 - 00000749 _____ () C:\Users\JP.AS2\Desktop\gdsfsdfsdsfdfsdfsd.txt
2015-02-24 16:05 - 2015-02-24 16:06 - 08371384 _____ (Digital Metaphors ) C:\Users\JP.AS2\Downloads\LearnRAP.exe
2015-02-24 15:58 - 2015-02-24 15:58 - 76367905 _____ () C:\Users\JP.AS2\Documents\MOD Vienna 2015 Beyond the future by Monster Energy Highlights.mp4
2015-02-24 14:18 - 2015-02-24 14:18 - 00019365 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4666193.torrent
2015-02-24 13:10 - 2015-02-24 13:10 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-24 13:10 - 2015-02-24 13:10 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-24 13:10 - 2015-02-24 13:10 - 00000000 ____D () C:\Users\JP.AS2\Downloads\TeamViewer Premium v10.0.39052 Multilanguage + Crack {B@tman}
2015-02-24 13:10 - 2015-02-24 13:10 - 00000000 ____D () C:\Users\JP.AS2\Downloads\TeamViewer 9.0.26297 Incl Premium + Enterprise Activator [KaranPC]
2015-02-24 12:37 - 2015-02-24 12:37 - 49294916 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #22 part 2.mp4
2015-02-24 12:36 - 2015-02-24 12:36 - 48702889 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #22 part 1.mp4
2015-02-24 12:36 - 2015-02-24 12:36 - 23179175 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #23.mp4
2015-02-24 12:35 - 2015-02-24 12:35 - 46105281 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #21.mp4
2015-02-24 12:35 - 2015-02-24 12:35 - 44299220 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #20.mp4
2015-02-24 12:33 - 2015-02-24 12:33 - 65378678 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #18.mp4
2015-02-24 12:33 - 2015-02-24 12:33 - 34015506 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #19.mp4
2015-02-24 12:32 - 2015-02-24 12:32 - 50775558 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #17.mp4
2015-02-24 12:30 - 2015-02-24 12:30 - 24050961 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #16.mp4
2015-02-24 12:30 - 2015-02-24 12:30 - 14442239 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #15.mp4
2015-02-24 12:29 - 2015-02-24 12:29 - 21898007 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #13.mp4
2015-02-24 12:29 - 2015-02-24 12:29 - 21701879 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #12.mp4
2015-02-24 12:29 - 2015-02-24 12:29 - 15479625 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #14.mp4
2015-02-24 12:28 - 2015-02-24 12:28 - 28492201 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #10.mp4
2015-02-24 12:28 - 2015-02-24 12:28 - 15191264 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #11.mp4
2015-02-24 12:27 - 2015-02-24 12:27 - 38871793 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis- Maschine & MPC Lessons #5a.mp4
2015-02-24 12:27 - 2015-02-24 12:27 - 32221247 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #9.mp4
2015-02-24 12:27 - 2015-02-24 12:27 - 28038055 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #8.mp4
2015-02-24 12:25 - 2015-02-24 12:25 - 17962295 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #6.mp4
2015-02-24 12:25 - 2015-02-24 12:25 - 17673622 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #5.mp4
2015-02-24 12:24 - 2015-02-24 12:24 - 25348204 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons.mp4
2015-02-24 12:24 - 2015-02-24 12:24 - 22212717 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #3.mp4
2015-02-24 12:24 - 2015-02-24 12:24 - 13679905 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #2.mp4
2015-02-24 12:24 - 2015-02-24 12:24 - 08672268 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - Maschine & MPC Lessons #4.mp4
2015-02-24 12:22 - 2015-02-24 12:22 - 14436998 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 5 - Cascara Variations.mp4
2015-02-24 12:22 - 2015-02-24 12:22 - 13099695 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 7 - Bell and Beats 2.mp4
2015-02-24 12:22 - 2015-02-24 12:22 - 10066514 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 8 - Bell and Beats 3.mp4
2015-02-24 12:21 - 2015-02-24 12:21 - 10217825 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents - MPC_MPD Lessons 2 - Son Clave.mp4
2015-02-24 12:21 - 2015-02-24 12:21 - 09535202 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents_ MPC_MPD Lessons 1- 6_8 Clave.mp4
2015-02-24 12:21 - 2015-02-24 12:21 - 07444259 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents - MPC_MPD Lessons 3 - Cascara_Palito.mp4
2015-02-24 12:21 - 2015-02-24 12:21 - 07406266 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis presents_ MPC_MPD Lessons 4 - Tumbao.mp4
2015-02-24 12:21 - 2015-02-24 12:21 - 05117022 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis Presents_ MPC_MPD Lessons 6 - Bell and Beats 1.mp4
2015-02-24 12:20 - 2015-02-24 12:20 - 06165068 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 4.mp4
2015-02-24 12:20 - 2015-02-24 12:20 - 03515846 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 3.mp4
2015-02-24 12:19 - 2015-02-24 12:19 - 05315872 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 6 - Paradiddles.mp4
2015-02-24 12:19 - 2015-02-24 12:19 - 04584075 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 8 - Triple Paradiddles.mp4
2015-02-24 12:19 - 2015-02-24 12:19 - 04397409 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 7 - Double Paradiddles.mp4
2015-02-24 12:19 - 2015-02-24 12:19 - 03955972 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 2.mp4
2015-02-24 12:18 - 2015-02-24 12:18 - 03463493 _____ () C:\Users\JP.AS2\Documents\Jeremy Ellis - MPC_MPD Basics 1.mp4
2015-02-23 19:56 - 2015-02-23 19:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\usbdeview-x64
2015-02-23 19:56 - 2015-02-23 19:56 - 00108171 _____ () C:\Users\JP.AS2\Downloads\usbdeview-x64.zip
2015-02-23 19:56 - 2014-11-17 13:51 - 00169568 _____ (NirSoft) C:\Users\JP.AS2\Downloads\USBDeview.exe
2015-02-23 19:56 - 2014-11-17 13:51 - 00022536 _____ () C:\Users\JP.AS2\Downloads\USBDeview.chm
2015-02-23 19:40 - 2015-02-23 19:40 - 02660137 _____ () C:\Users\JP.AS2\Desktop\PadKONTROLPreload_Scenes_633659301117640000.zip
2015-02-23 19:21 - 2015-02-23 19:21 - 08808479 _____ () C:\Users\JP.AS2\Downloads\PadKONTROL_Editor_Librarian_PC_633659297069650000.ZIP
2015-02-23 19:06 - 2015-01-28 23:24 - 00000000 ____D () C:\Users\JP.AS2\Downloads\__MACOSX
2015-02-23 19:06 - 2014-02-13 08:51 - 02771128 _____ (Korg Inc. ) C:\Users\JP.AS2\Downloads\DrvTools_e(1.14_r12).exe
2015-02-23 18:29 - 2015-02-23 18:29 - 02272319 _____ () C:\Users\JP.AS2\Downloads\USA_DrvTools_e(1.14_r12).zip
2015-02-23 17:13 - 2007-07-02 12:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Pastor Troy - Tool Muziq (2007) - Rap [www.torrentazos.com]
2015-02-23 15:35 - 2015-02-23 15:35 - 00000000 ____D () C:\Users\JP.AS2\Downloads\1.0.0.34
2015-02-23 15:34 - 2015-02-23 15:34 - 03493672 _____ () C:\Users\JP.AS2\Downloads\1.0.0.34.zip
2015-02-23 13:52 - 2015-02-23 13:52 - 00070351 _____ () C:\Users\JP.AS2\Desktop\Job Quotation export.rtm
2015-02-23 12:35 - 2015-02-23 12:35 - 00078880 _____ () C:\Users\JP.AS2\Desktop\Job Invoice_2.rtm
2015-02-20 16:10 - 2015-02-20 16:10 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\AskPartnerNetwork
2015-02-20 15:16 - 2015-02-20 16:07 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Heavyocity.Evolve.VSTi.DXi.RTAS.HYBRID.DVDR.D2-AiRISO
2015-02-20 14:19 - 2015-02-20 15:04 - 140255386 _____ () C:\Users\JP.AS2\Downloads\14.NeuroVision.Vol.2.rar
2015-02-20 13:43 - 2015-02-20 13:43 - 00000055 _____ () C:\Users\JP.AS2\Desktop\pltest.csv
2015-02-20 13:23 - 2015-02-20 13:23 - 00030048 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4039095.torrent
2015-02-20 13:23 - 2015-02-20 13:23 - 00030048 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4039095(2).torrent
2015-02-20 13:23 - 2015-02-20 13:23 - 00030048 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4039095(1).torrent
2015-02-20 13:19 - 2015-02-20 13:19 - 00006245 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4022388.torrent
2015-02-20 12:03 - 2015-02-20 12:21 - 110314125 _____ () C:\Users\JP.AS2\Downloads\14.NeuroVision.Vol.3.rar
2015-02-20 11:23 - 2015-02-20 11:23 - 00029623 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4865984.torrent
2015-02-20 11:23 - 2015-02-20 11:23 - 00017753 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4914065.torrent
2015-02-20 11:23 - 2015-02-20 11:23 - 00017718 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4875882.torrent
2015-02-20 11:23 - 2015-02-20 11:23 - 00009511 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4867100.torrent
2015-02-20 11:21 - 2015-02-20 11:21 - 00014165 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3608227.torrent
2015-02-20 11:21 - 2015-02-20 11:21 - 00005069 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3957668.torrent
2015-02-20 11:21 - 2015-02-20 11:21 - 00003557 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4522025.torrent
2015-02-20 11:20 - 2015-02-20 11:20 - 00034308 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t4677771.torrent
2015-02-20 11:20 - 2015-02-20 11:20 - 00003624 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3720058.torrent
2015-02-20 11:17 - 2015-02-20 11:17 - 00010600 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3725710.torrent
2015-02-20 11:17 - 2015-02-20 11:17 - 00004368 _____ () C:\Users\JP.AS2\Downloads\[rutracker.org].t3960230.torrent
2015-02-20 10:49 - 2015-02-20 10:55 - 19709187 _____ () C:\Users\JP.AS2\Downloads\KICK101WiN.rar
2015-02-19 10:51 - 2015-02-19 10:52 - 00000000 ____D () C:\Users\JP.AS2\AppData\OICE_15_974FA576_32C1D314_1F2A
2015-02-19 08:52 - 2015-02-19 08:52 - 00000519 _____ () C:\Users\JP.AS2\Desktop\18-02-2015.txt
2015-02-18 10:36 - 2015-02-18 10:36 - 00020920 _____ () C:\Users\JP.AS2\Downloads\eReflect_207_20Speed_20Reading_202014_20_28Windows_2BMac_29_20_2B_20eReflect_20Confidence_20In_20Context-aMYOvE.torrent
2015-02-18 10:36 - 2015-02-18 10:36 - 00020920 _____ () C:\Users\JP.AS2\Downloads\eReflect_207_20Speed_20Reading_202014_20_28Windows_2BMac_29_20_2B_20eReflect_20Confidence_20In_20Context-aMYOvE(1).torrent
2015-02-18 10:32 - 2015-02-18 10:33 - 00000000 ____D () C:\Users\JP.AS2\Downloads\U.S. Army Reconnaissance and Surveillance Handbook
2015-02-17 18:05 - 2015-02-17 18:09 - 73882971 ____R () C:\Users\JP.AS2\Downloads\Pastor Troy - Tool Muziq (2007) - Rap [www.torrentazos.com].rar
2015-02-17 17:42 - 2015-02-17 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Jason Ferruggia - Renegade Diet
2015-02-17 17:42 - 2015-02-17 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Create the Style You Crave on a Budget You Can Afford The Sweet Spot Guide to Home Decor - Desha Peacock
2015-02-17 17:39 - 2015-02-17 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Decision Making For Dummies -Dawna Jones + Decision Making Techniques and Applications - Mantesh
2015-02-17 17:39 - 2015-02-17 17:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Style for Men - The Fundamentals of Style - An Illustrated Guide to Dressing Well + Being the Best Man For Dummies - Mantesh
2015-02-17 17:39 - 2015-02-17 17:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\David Wygant (America's Dating Agent) - No Excuses & SelfLove - Mantesh
2015-02-17 17:38 - 2015-02-17 17:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Susie Dent - How To Talk Like a Local A Complete Guide to English Dialects - Mantesh
2015-02-17 17:37 - 2015-02-17 17:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Steve Kaplan - Be the Elephant - Build a Bigger, Better Business - How to Win and Keep Big Customers - Mantesh
2015-02-17 17:35 - 2015-02-17 17:35 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The New Rules of Lifting Supercharged Ten All-New Muscle-Building Programs for Men and Women - Lou Schuler, Alwyn Cosgrove - Mantesh
2015-02-17 17:34 - 2015-02-17 17:36 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The Joy of Home Distilling The Ultimate Guide to Making Your Own Vodka, Whiskey, Rum, Brandy, Moonshine, and More - Mantesh
2015-02-17 17:33 - 2015-02-17 17:35 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Yoga Basics for Men - An Intro to Man Flow Yoga - Dean Pohlman, Pam Apostolou - Mantesh
2015-02-17 17:33 - 2015-02-17 17:34 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Improving Your Memory How to Remember What You're Starting to Forget - Janet Fogler, Lynn Stern - Mantesh
2015-02-17 17:29 - 2015-02-17 17:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\High-Intensity 300 - Intense Workouts Including 40 of thr Toughest Test for the Ultimate Challenge - Dan Trink - Mantesh
2015-02-17 17:29 - 2015-02-17 17:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Writing With Power Techniques for Mastering the Writing Process
2015-02-17 17:29 - 2015-02-17 17:29 - 00000000 ____D () C:\Users\JP.AS2\Downloads\How to Study - Ron Fry - Mantesh
2015-02-17 17:28 - 2015-02-17 17:33 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Kama Sutra - A Modern Guide to the Ancient Art of Sex - Nitya Lacroix
2015-02-17 17:28 - 2015-02-17 17:28 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Now I Know More The Revealing Stories Behind Even More of the World's Most Interesting Facts - Dan Lewis - Mantesh
2015-02-17 17:27 - 2015-02-17 17:31 - 00000000 ____D () C:\Users\JP.AS2\Downloads\1,000 Inventions and Discoveries - Roger Bridgman - Mantesh
2015-02-17 17:27 - 2015-02-17 17:28 - 00000000 ____D () C:\Users\JP.AS2\Downloads\But I Didn't Mean That! - How to Avoid Misunderstandings And Hurt Feelings in Everyday Life - Richard Heyman EdD, June Paris, Rachel Small - Mantesh
2015-02-17 17:27 - 2015-02-17 17:27 - 00000000 ____D () C:\Users\JP.AS2\Downloads\How to Build a Fire And Other Handy Things Your Grandfather Knew - Erin Bried - Mantesh
2015-02-17 17:22 - 2015-02-17 17:26 - 00000000 ____D () C:\Users\JP.AS2\Downloads\*****'s Guides As Easy As It Gets ! - People Skills - Casey Hawley - Mantesh
2015-02-17 17:22 - 2015-02-17 17:25 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Complete Guide to Dumbbell Training + Diamond-Cut Abs - Danny Kavadlo, Josh Bryant, Fred C. Hatfield - Mantesh
2015-02-17 17:20 - 2015-02-17 17:26 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Oxford Word Skills Basic,Intermediate,Advanced - Learn and Practise English Vocabulary + Supplementary Skills Reading - Mantesh
2015-02-17 17:20 - 2015-02-17 17:22 - 00000000 ____D () C:\Users\JP.AS2\Downloads\21 Ways To Meet And Marry The Woman Of Your Dreams -Mantesh
2015-02-17 17:17 - 2015-02-17 17:21 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Men's Health Push, Pull, Swing - The Fat-Torching, Muscle-Building Dumbbell, Kettlebell & Sandbag Program - Myatt Murphy - Mantesh
2015-02-17 17:16 - 2015-02-17 17:27 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Target Vocabulary Books 1,2, 3 - Peter Watcyn-Jones - Mantesh
2015-02-17 17:15 - 2015-02-17 17:17 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Speed Mathematics - Secret Skills for Quick Mental Calculation ,Math for Life Crucial Ideas,Achieve Their Full Potential ,Speed Mathematics Simplified - Bill Handley - Mantesh
2015-02-17 17:14 - 2015-02-17 17:17 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Chi Kung - Warm Up Exercises,Health and Martial Arts,Healing Practices,Sexual Vigor,Healing Principles for Detoxification and Rejuvenation - Mantesh
2015-02-17 17:14 - 2015-02-17 17:15 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Five Good Minutes in the Evening 100 Mindful Practices to Help You Relieve Stress and Bring Your Best to Work - Jeffrey Brantley - Mantesh
2015-02-17 17:14 - 2015-02-17 17:14 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Things you should know about your mate 1000 Questions for Couples - Michael Webb - Mantesh
2015-02-17 17:13 - 2015-02-17 17:13 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Reflexology - Beginners Guide to Eliminate Pain, Lose Weight and De-Stress with Ancient Techniques - Ingrid Sen - Mantesh
2015-02-17 17:12 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The Secrets to Writing a Successful Business Plan A Pro Shares a Step-By-Step Guide to Creating a Plan That Gets Results - Hal Shelton - Mantesh
2015-02-17 17:12 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\*****'s Guides Basic Math and Pre-Algebra - Carolyn Wheater - Mantesh
2015-02-17 17:11 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Men’s Fitness Workout Manual 2015 + 10 Week Body Plan - Complete Guide to Building Muscle, Losing Fat and feeling Great- Mantesh
2015-02-17 17:11 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\English How to Speak English Fluently in 1 Week - Over 70+ SECRET TIPS to Learn Vocabulary and Speak Great English - Edward Clemons - Mantesh
2015-02-17 17:11 - 2015-02-17 17:12 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Boost Your Brain - Switch on Your Brain With more than 300 Puzzles,Tips and Teasers - Joel Levy - Mantesh
2015-02-16 18:49 - 2015-02-16 18:50 - 00000000 ____D () C:\Users\JP.AS2\Downloads\The.Walking.Dead.S05E10.HDTV.x264-KILLERS[ettv]
2015-02-16 11:23 - 2015-02-16 11:24 - 00043413 _____ () C:\Users\JP.AS2\Desktop\qin.csv
2015-02-16 11:21 - 2015-02-16 11:21 - 00031473 _____ () C:\Users\JP.AS2\Desktop\qin.xlsx
2015-02-16 11:03 - 2015-02-16 11:03 - 00103236 _____ () C:\Users\JP.AS2\Documents\CTN Import.csv
2015-02-16 10:53 - 2015-02-16 10:53 - 00150584 _____ () C:\Users\JP.AS2\Documents\Linkqage CTN Inventory Journal Batch 1.xlsx
2015-02-16 10:49 - 2015-02-16 10:21 - 00103236 _____ () C:\Users\JP.AS2\Documents\CTN Import.txt
2015-02-16 08:34 - 2015-02-16 08:34 - 00000000 ____D () C:\Users\JP.AS2\Documents\Ultimate Vocabulary
2015-02-16 08:34 - 2015-02-16 08:34 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Geckofx
2015-02-16 08:29 - 2015-02-16 08:29 - 00002156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Vocabulary 2014.lnk
2015-02-16 08:29 - 2015-02-16 08:29 - 00002144 _____ () C:\Users\Public\Desktop\Ultimate Vocabulary 2014.lnk
2015-02-16 08:28 - 2015-02-16 08:31 - 00000000 ____D () C:\ProgramData\Ultimate Vocabulary
2015-02-16 08:28 - 2015-02-16 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Vocabulary 2014
2015-02-16 08:28 - 2015-02-16 08:28 - 00000000 ____D () C:\Program Files (x86)\eReflect
2015-02-16 08:24 - 2015-02-16 08:24 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\eReflect
2015-02-14 10:08 - 2015-02-26 08:38 - 00000000 ____D () C:\Users\JP.AS2\Desktop\New folder (3)
2015-02-14 07:10 - 2015-02-14 07:11 - 00000000 ____D () C:\Users\JP.AS2\Documents\Sugar Bytes
2015-02-14 07:10 - 2015-02-14 07:11 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sugar Bytes
2015-02-14 07:10 - 2015-02-14 07:11 - 00000000 ____D () C:\Program Files\Sugar Bytes
2015-02-14 07:10 - 2015-02-14 07:10 - 00000000 ____D () C:\Program Files\Common Files\Steinberg
2015-02-14 06:58 - 2015-02-14 06:58 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeOhm
2015-02-14 06:58 - 2015-02-14 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeOhm
2015-02-13 17:05 - 2015-02-13 17:05 - 05447719 ____R () C:\Users\JP.AS2\Downloads\Antares.Tube.VST.DX.v1.0-ArCTiC.rar
2015-02-13 17:02 - 2015-02-16 19:03 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Heavyocity.Evolve.VSTi.DXi.RTAS.HYBRID.DVDR.D1-AiRISO
2015-02-13 16:55 - 2015-02-13 17:00 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Heavyocity Evolve R2 v1.6 KONTAKT UPDATE-SYNTHiC4TE [oddsox]
2015-02-13 13:56 - 2015-02-13 14:11 - 11878802 _____ () C:\Users\JP.AS2\Downloads\Hive3304Win.zip
2015-02-13 12:13 - 2015-02-13 12:13 - 00086361 _____ () C:\Users\JP.AS2\Desktop\Invoice.rtm
2015-02-13 12:13 - 2015-02-13 12:13 - 00000042 _____ () C:\Users\JP.AS2\Desktop\Invoice Data.dtm
2015-02-13 11:42 - 2015-02-13 11:42 - 00000000 ____D () C:\Users\JP.AS2\Documents\SQLSCRIPTS
2015-02-13 10:27 - 2015-02-13 10:57 - 00000000 ____D () C:\Users\JP.AS2\Downloads\eReflect Ultimate Vocabulary 2014
2015-02-13 10:26 - 2015-02-13 10:26 - 00015567 _____ () C:\Users\JP.AS2\Downloads\F7FC56621BFBD82C4A15235875A957C837779A74.torrent
2015-02-12 20:11 - 2015-02-12 20:11 - 00000023 _____ () C:\Users\JP.AS2\Desktop\pa.txt
2015-02-12 16:49 - 2015-02-12 17:00 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Marco.Polo.2014.S01E03.WEBRIP.x264-2HD[rarbg]
2015-02-12 16:49 - 2015-02-12 16:58 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Marco.Polo.2014.S01E04.WEBRIP.x264-2HD
2015-02-12 16:38 - 2015-02-12 16:38 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Marco.Polo.2014.S01E02.WEBRIP.x264-2HD[ettv]
2015-02-12 13:32 - 2015-02-12 13:32 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Better Call Saul S01E02 HDTV.XviD-AFG[Pawulon]
2015-02-12 13:07 - 2015-02-12 13:08 - 11127472 _____ () C:\Users\JP.AS2\Downloads\SetupYTD.exe
2015-02-12 12:59 - 2015-02-12 12:59 - 00001289 _____ () C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2015-02-12 12:59 - 2015-02-12 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-02-12 12:59 - 2015-02-11 08:35 - 102067712 _____ () C:\StiegelMeyer_110214.bak
2015-02-12 12:46 - 2015-02-12 12:46 - 00000000 ____D () C:\Users\JP.AS2\Desktop\D
2015-02-12 12:45 - 2015-02-12 12:45 - 00000000 ____D () C:\Users\JP.AS2\Downloads\FL Studio Cookbook, Friedman (Packt)[PDF][StormRG]
2015-02-12 12:41 - 2015-02-12 12:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Sonic Academy Ultimate Drums Dubstep
2015-02-12 12:40 - 2015-02-12 12:40 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Fab Filter Plugins Pack WIN x86 x64 - R2R [deepstatus]
2015-02-12 10:36 - 2015-02-12 10:36 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Get That Pro Sound - The Ultimate Guide to Compression
2015-02-12 10:24 - 2015-02-12 10:24 - 00000479 _____ () C:\Users\JP.AS2\Desktop\anon.txt
2015-02-12 10:15 - 2015-02-12 10:37 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Groove3 Fabfilter Effects And Synths Explained TUTORiAL-MATRiX [deepstatus][h33t][1337x][flashtorrents]
2015-02-12 10:02 - 2015-02-12 10:23 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Lynda - Mixing an EDM Track Tutorial-kEISO
2015-02-12 10:00 - 2015-02-12 10:05 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Music Tech Magazine - 50 Ways to Supercharge Your Sound + Gear of the Year +30 Pages of Tutorials (January 2014)
2015-02-12 10:00 - 2015-02-12 10:00 - 00000000 ____D () C:\Users\JP.AS2\Downloads\[Video Tutorial] Learn to play songs by ear never need sheet music again No prior knowledge needed_
2015-02-11 09:10 - 2015-02-11 09:10 - 00000031 _____ () C:\Users\JP.AS2\Desktop\riaan.txt
2015-02-11 08:38 - 2015-02-11 08:36 - 14804709 _____ () C:\StiegelMeyer_110214.zip
2015-02-10 21:39 - 2015-02-10 21:39 - 00648177 _____ () C:\Users\JP.AS2\Documents\MP3Diags.dat
2015-02-10 20:15 - 2015-02-10 21:39 - 00002819 _____ () C:\Users\JP.AS2\Documents\MP3Diags.ini
2015-02-10 20:14 - 2015-02-10 20:14 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Diags Unstable
2015-02-10 20:14 - 2015-02-10 20:14 - 00000000 ____D () C:\Program Files (x86)\MP3Diags-unstable
2015-02-10 19:58 - 2015-02-10 20:01 - 07803477 _____ () C:\Users\JP.AS2\Downloads\MP3DiagsSetup-unstable.exe
2015-02-10 16:50 - 2015-02-10 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-10 16:47 - 2015-02-10 17:18 - 00000000 ____D () C:\Users\JP.AS2\Desktop\mbar
2015-02-10 16:44 - 2015-02-10 16:45 - 16466552 _____ (Malwarebytes Corp.) C:\Users\JP.AS2\Downloads\mbar-1.08.3.1004.exe
2015-02-10 15:58 - 2015-02-10 16:11 - 15431256 _____ () C:\Users\JP.AS2\Downloads\RogueKiller(1).exe
2015-02-10 08:31 - 2015-02-10 08:32 - 00000000 ____D () C:\Users\JP.AS2\Documents\Xite
2015-02-09 17:21 - 2015-02-09 17:51 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Season 1
2015-02-09 15:30 - 2015-02-09 15:30 - 00134137 _____ () C:\Users\JP.AS2\Documents\MASTER Pricelist FINAL - ___.xlsx
2015-02-09 12:14 - 2015-02-09 12:14 - 00046886 _____ () C:\Customers.csv
2015-02-09 11:23 - 2015-02-09 11:23 - 00018561 _____ () C:\Users\JP.AS2\Desktop\dds.txt
2015-02-09 11:23 - 2015-02-09 11:23 - 00014162 _____ () C:\Users\JP.AS2\Desktop\attach.txt
2015-02-09 11:18 - 2015-02-09 11:18 - 00688992 ____R (Swearware) C:\Users\JP.AS2\Downloads\dds.com
2015-02-06 12:30 - 2015-02-06 13:58 - 267260076 _____ () C:\Users\JP.AS2\Downloads\LYNDA_MIXING_AN_EDM_TRACK_TUTORIAL-kEISO.rar.part
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Limp Bizkit
2015-02-05 17:40 - 2015-02-05 17:42 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Limp Bizkit Special Edition - Chocolate Starfish and the Hot Dog Flavored Water [320kbps]
2015-02-05 15:27 - 2015-03-03 16:53 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\CrashDumps
2015-02-05 10:37 - 2015-02-05 10:37 - 00000000 ____D () C:\Users\JP.AS2\Documents\FabFilter
2015-02-05 10:37 - 2015-02-05 10:37 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\FabFilter
2015-02-05 10:23 - 2015-02-05 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FabFilter
2015-02-05 10:23 - 2015-02-05 10:23 - 00000000 ____D () C:\Program Files (x86)\FabFilter
2015-02-05 10:23 - 2009-03-18 20:23 - 01597440 _____ (FabFilter) C:\FabFilter Volcano 2.dpm
2015-02-05 10:23 - 2009-03-09 02:03 - 00000286 _____ () C:\FabFilter Volcano 2.dpm.rsr
2015-02-05 10:14 - 2015-02-05 10:14 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rob Papen
2015-02-05 10:14 - 2015-02-05 10:14 - 00000000 ____D () C:\ProgramData\RAW
2015-02-05 10:14 - 2015-02-05 10:14 - 00000000 ____D () C:\Program Files (x86)\Rob Papen
2015-02-05 10:06 - 2015-02-05 10:06 - 00001644 _____ () C:\Users\JP.AS2\Desktop\aaa.txt
2015-02-05 08:55 - 2015-02-05 09:00 - 00000000 ____D () C:\Users\JP.AS2\Desktop\New folder (2)
2015-02-04 16:44 - 2015-02-10 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-04 16:44 - 2015-02-04 16:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-04 16:44 - 2015-02-04 16:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-04 13:47 - 2015-02-04 13:49 - 15431256 _____ () C:\Users\JP.AS2\Downloads\RogueKiller.exe
2015-02-04 13:22 - 2015-02-04 13:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\JP.AS2\Downloads\tdsskiller.exe
2015-02-04 11:44 - 2015-02-04 11:46 - 01388274 _____ (Thisisu) C:\Users\JP.AS2\Downloads\JRT.exe
2015-02-04 10:51 - 2015-02-04 10:51 - 00000000 _____ () C:\Users\JP.AS2\Desktop\New Text Document (3).txt
2015-02-03 19:15 - 2015-02-03 19:15 - 00000000 ____D () C:\Users\JP.AS2\Desktop\TC
2015-02-03 18:31 - 2015-02-03 18:44 - 01182088 _____ () C:\Users\JP.AS2\Downloads\squad vox.wav.part
2015-02-03 09:29 - 2015-03-04 08:21 - 00000000 ____D () C:\AdwCleaner
2015-02-03 09:27 - 2015-02-03 09:27 - 02194432 _____ () C:\Users\JP.AS2\Downloads\AdwCleaner.exe
2015-02-03 09:26 - 2015-02-03 09:26 - 00688992 _____ (Swearware) C:\Users\JP.AS2\Downloads\dds.scr
2015-02-03 09:01 - 2015-02-03 09:07 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Lynda - Accounting Fundamentals Tutorial
2015-02-03 08:59 - 2015-02-03 08:59 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Accounting Made Simple Accounting Explained in 100 Pages or Less (Mike Piper) (epub, mobi) {S-B}™
2015-02-03 08:55 - 2015-02-03 08:56 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Lynda - QuickBooks Advanced Bookkeeping Techniques
2015-02-02 10:42 - 2015-02-02 10:42 - 00000109 _____ () C:\Users\JP.AS2\Desktop\ghg.txt
2015-02-02 09:40 - 2015-02-05 12:41 - 00002184 _____ () C:\Users\JP.AS2\Desktop\Sage Evolution.lnk
2015-02-02 09:40 - 2015-02-02 09:43 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sage Evolution 7.00.207

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 08:47 - 2014-08-04 19:25 - 02022106 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 08:46 - 2014-08-26 15:50 - 00000000 ____D () C:\Stuff
2015-03-04 08:35 - 2014-12-06 01:21 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\moters
2015-03-04 08:31 - 2015-01-28 14:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 08:31 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 08:31 - 2009-07-14 06:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 08:24 - 2014-12-09 13:26 - 00000000 ____D () C:\ProgramData\VMware
2015-03-04 08:24 - 2014-08-04 11:26 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\uTorrent
2015-03-04 08:23 - 2014-08-04 11:13 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2015-03-04 08:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 08:23 - 2009-07-14 06:51 - 00100557 _____ () C:\Windows\setupact.log
2015-03-03 17:40 - 2014-08-04 13:02 - 00002008 ____H () C:\Users\JP.AS2\Documents\Default.rdp
2015-03-03 17:02 - 2014-12-09 13:34 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\VMware
2015-03-03 17:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-03 16:53 - 2014-11-03 15:23 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Skype
2015-03-03 15:17 - 2010-11-21 05:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 10:09 - 2014-12-09 13:34 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\VMware
2015-03-03 08:19 - 2014-08-25 09:06 - 00027043 _____ () C:\Users\JP.AS2\AppData\Local\BICEvolution.log
2015-03-02 17:34 - 2014-08-08 11:24 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Apps\2.0
2015-03-02 17:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-03-02 17:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-02 17:26 - 2010-11-21 05:47 - 09367944 _____ () C:\Windows\PFRO.log
2015-03-02 17:26 - 2009-07-14 04:34 - 82313216 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-02 17:26 - 2009-07-14 04:34 - 28311552 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-02 17:26 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-02 17:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-02 16:28 - 2014-12-19 14:39 - 00000000 ____D () C:\Users\JP.AS2\Downloads\Season 3
2015-03-02 08:23 - 2014-07-07 09:56 - 00000000 ____D () C:\EvoBICMetaData
2015-03-02 07:54 - 2015-01-11 13:00 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-28 17:10 - 2009-07-14 07:13 - 00881004 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 15:37 - 2014-08-15 09:23 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Deployment
2015-02-24 16:19 - 2014-09-07 05:19 - 00000000 ____D () C:\Windows\Minidump
2015-02-24 16:18 - 2014-12-19 08:42 - 456068663 _____ () C:\Windows\MEMORY.DMP
2015-02-24 15:45 - 2014-08-04 11:16 - 00118608 _____ () C:\Users\JP.AS2\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 15:39 - 2009-07-14 06:45 - 00450840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 13:03 - 2014-08-05 09:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-24 12:35 - 2014-07-04 23:02 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-02-23 19:50 - 2014-08-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG
2015-02-23 19:50 - 2014-08-11 12:39 - 00000000 ____D () C:\Program Files (x86)\KORG
2015-02-20 16:08 - 2015-01-29 09:47 - 00001289 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-02-19 13:35 - 2014-12-05 11:17 - 00000000 ____D () C:\Users\JP.AS2\Desktop\Evo
2015-02-19 08:57 - 2014-11-03 15:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-19 08:57 - 2014-11-03 15:22 - 00000000 ____D () C:\ProgramData\Skype
2015-02-16 11:00 - 2014-08-28 09:04 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Adobe
2015-02-16 10:59 - 2014-08-04 19:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-16 10:59 - 2014-08-04 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-14 06:58 - 2014-08-11 17:56 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-02-13 12:01 - 2014-08-05 08:52 - 00000000 ____D () C:\Users\JP.AS2\Documents\SQL Server Management Studio
2015-02-13 10:34 - 2014-08-27 14:39 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-12 21:34 - 2014-11-13 19:57 - 00000000 __HDC () C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2015-02-12 21:34 - 2014-11-13 19:56 - 00000000 __HDC () C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2015-02-12 21:34 - 2014-08-04 14:55 - 00000000 ____D () C:\Users\JP.AS2\AppData\Local\Downloaded Installations
2015-02-12 15:26 - 2014-09-03 16:16 - 00000000 ____D () C:\Program Files (x86)\Sage Evolution v7
2015-02-11 11:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-10 16:49 - 2015-01-28 14:54 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 16:20 - 2015-01-12 08:41 - 00000000 ____D () C:\Users\JP.AS2\Desktop\ug
2015-02-09 08:44 - 2014-12-19 10:52 - 00000000 ____D () C:\Program Files\TeraCopy
2015-02-06 09:37 - 2015-01-29 11:45 - 00089343 _____ () C:\Users\JP.AS2\Desktop\Budget Income Statement Monthly.rtm
2015-02-05 10:21 - 2014-10-08 07:51 - 00000000 ____D () C:\Program Files\VSTPlugIns
2015-02-04 14:58 - 2014-08-05 17:02 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\SageEvolution-WhatsNew
2015-02-04 14:18 - 2015-01-16 08:25 - 00000000 ____D () C:\New folder
2015-02-04 08:13 - 2014-10-27 09:58 - 00000000 ____D () C:\Users\JP.AS2\AppData\Roaming\Dropbox
2015-02-03 22:52 - 2014-10-27 10:04 - 00000000 ___RD () C:\Users\JP.AS2\Dropbox
2015-02-02 12:40 - 2015-01-05 17:28 - 00000000 ____D () C:\Users\JP.AS2\Documents\2015 Timesheets
2015-02-02 11:58 - 2014-12-09 18:40 - 00189692 _____ () C:\Users\JP.AS2\Downloads\AA_v3.5.log

==================== Files in the root of some directories =======

2014-08-26 09:40 - 2014-08-26 09:40 - 0000096 _____ () C:\Users\JP.AS2\AppData\Roaming\version2.xml
2014-08-25 09:06 - 2015-03-03 08:19 - 0027043 _____ () C:\Users\JP.AS2\AppData\Local\BICEvolution.log

Some content of TEMP:
====================
C:\Users\JP.AS2\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\JP.AS2\AppData\Local\Temp\Quarantine.exe
C:\Users\JP.AS2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-28 16:54

==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by JP at 2015-03-04 08:48:53
Running from C:\Users\JP.AS2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ARC System 2 version 2.2.0 (HKLM\...\{4952A610-D484-4F6A-B1B4-33797CFDB821}_is1) (Version: 2.2.0 - IK Multimedia)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Cableguys FilterShaper 3.1.6 (HKLM\...\FilterShaper_is1) (Version: 3.1.6 - Cableguys)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Convert EPUB to PDF 6.6.0 (HKLM-x32\...\{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}) (Version: 6.6.0 - EPUB Converter)
Counter-Strike 1.0 (HKLM-x32\...\Counter-Strike) (Version: 1.0 - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EitherMouse 0.5988 (HKLM-x32\...\EitherMouse) (Version: 0.5988 - Steffen Software)
Evolution Freedom Service (HKLM-x32\...\{24191AB7-2CA0-47C7-9B2E-DBB5322FA684}) (Version: 2.0.5291.18677 - Sage Pastel)
Evolution Mobile Service (HKLM-x32\...\{1A1F86F6-82EE-4BBF-942F-89487F3D1743}) (Version: 1.0.5253.24107 - Sage Pastel)
FabFilter Volcano v2.03 (HKLM-x32\...\FabFilter Volcano 2_is1) (Version: - ViP Team)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FL Studio 11.5 (HKLM-x32\...\FL Studio 11.5) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
K-Lite Mega Codec Pack 10.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
KORG KONTROL Editor (HKLM-x32\...\{2994E3F1-B6A3-40FD-860E-A54363FC266C}) (Version: 1.50.0000 - KORG Inc.)
KORG USB-MIDI Driver Tools for Windows (HKLM-x32\...\{CACF2945-0BD5-43D3-B0CF-FA7D25DB2C1E}) (Version: 1.14.1202 - Korg Inc.)
Lennar Digital Sylenth VSTi v1.2.1 (HKLM-x32\...\Lennar Digital Sylenth VSTi v1.2.1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.07.00 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MP3 Diags Unstable (HKLM-x32\...\MP3Diags-unstable) (Version: - )
Native Instruments - Kore 2 Controller (HKLM-x32\...\Native Instruments - Kore 2 Controller) (Version: - )
Native Instruments Kore 2 (HKLM-x32\...\Native Instruments Kore 2) (Version: - )
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pastel Evolution (6.50.85) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.50.85) (Version: - Softline Pastel)
Pastel Evolution (6.60.84) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.60.84) (Version: - Softline Pastel)
Pastel Evolution (6.81.48) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.81.48) (Version: - Softline Pastel)
Pastel Evolution (6.81.51) (HKLM-x32\...\CProgramFiles(x86)EvolutionVersion66.81.51) (Version: - Softline Pastel)
Pastel Evolution (6.81.51) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.81.51) (Version: - Softline Pastel)
Pastel Evolution Business Intelligence Centre (HKLM-x32\...\{2C97912D-D468-4814-979B-9B78F4954F19}) (Version: 6.8.596 - Alchemex (PTY) LTD)
Pastel Evolution Business Intelligence Centre (HKLM-x32\...\{31A5320D-E32D-46C3-A13E-C73C482C0F03}) (Version: 6.8.594 - Alchemex (PTY) LTD)
Pastel Evolution Business Intelligence Centre (HKLM-x32\...\{97544892-3A43-490F-B7C5-F23327D85BB7}) (Version: 6.8.590 - Alchemex (PTY) LTD)
Pastel Evolution Cash Manager (HKLM-x32\...\{792FA6FC-24DB-4DEF-AE7F-9F1D47F6E186}) (Version: 1.6.0 - Softline Pastel)
Pastel Evolution Cash Manager (HKLM-x32\...\{E537AB80-DF85-429A-860A-4494D6DD2256}) (Version: 1.7.1 - Softline Pastel)
Pastel Evolution Inventory Issue (HKLM-x32\...\{6CC34425-F107-42C4-9CC3-69B6C5910794}) (Version: 6.81.221 - Softline Pastel)
Pastel Evolution Mobile Sales (HKLM-x32\...\{E95E6EDC-23DB-4082-8F2C-292B02D0DC42}) (Version: 6.81.150 - Softline Pastel)
Pluralinput (HKLM-x32\...\{008E3690-DF28-4719-9650-94E8416CCCBE}_is1) (Version: 0.8.6.35930 - Christian Gulden)
Polygon version 1.0 (HKLM-x32\...\{0BF82F4F-37CC-4A00-A20E-B24AA8D90160}_is1) (Version: 1.0 - Glitchmachines)
Quake Live (HKLM-x32\...\Quake Live) (Version: - id Software)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.1 - Qualcomm Atheros)
Race Driver Grid (HKLM-x32\...\Race Driver Grid_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
RecoveryFix for BKF Evaluation Ver 4.02.01 (HKLM-x32\...\RecoveryFix for BKF - Evaluation Version_is1) (Version: - Chily Softech Pvt Ltd)
Sage Evolution (6.82.65) (HKLM-x32\...\CProgramFiles(x86)EvolutionVersion6v6.82.65) (Version: - Sage Pastel)
Sage Evolution (6.82.67) (HKLM-x32\...\CProgramFiles(x86)EvolutionVersion6v6.82.67) (Version: - Sage Pastel)
Sage Evolution (6.82.67) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.82.67) (Version: - Sage Pastel)
Sage Evolution (6.82.81) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv6v6.82.81) (Version: - Sage Pastel)
Sage Evolution (7.00.174) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.174) (Version: - Sage Pastel)
Sage Evolution (7.00.195) (HKLM-x32\...\CProgramFiles(x86)SageEvolution) (Version: - Sage Pastel)
Sage Evolution (7.00.195) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.195) (Version: - Sage Pastel)
Sage Evolution (7.00.198) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.198) (Version: - Sage Pastel)
Sage Evolution (7.00.204) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.202) (Version: - Sage Pastel)
Sage Evolution (7.00.207) (HKLM-x32\...\CProgramFiles(x86)SageEvolutionv7v7.00.207) (Version: - Sage Pastel)
Sage Evolution Advanced Procurement (HKLM-x32\...\{9C96F2B7-505D-4B2E-B793-F0A2F10F7370}) (Version: 7.0.111 - Sage Pastel)
Sage Evolution Alert Management (HKLM-x32\...\{215CB21C-90EE-4F78-A975-7232A577612B}) (Version: 7.0.109 - Sage Pastel)
Sage Evolution Debtors Manager (HKLM-x32\...\{90CF1D0B-7866-4B97-9FF8-58DECACAC7A3}) (Version: 2.0.0 - Sage Pastel)
Sage Evolution Delivery Management (HKLM-x32\...\{AA942942-68DD-4B06-8476-F3891CF143E7}) (Version: 7.0.115 - Sage Pastel)
Sage Evolution Global Tax (HKLM-x32\...\{19B81904-1840-4C53-8B43-192DB8358102}) (Version: 7.0.106 - Sage Pastel)
Sage Evolution Intelligence Reporting (HKLM-x32\...\{F53748E7-4DEE-43C0-B221-BE33FA29C3DF}) (Version: 7.0.7430.0045 - Sage Alchemex)
Sage Evolution Inventory Issue (HKLM-x32\...\{BA9C4905-1888-47BA-9717-2B0E5D3A5088}) (Version: 6.82.316 - Sage Pastel)
Sage Evolution Inventory Issue (HKLM-x32\...\{DB3E2547-86C2-422E-B58A-32F1E3088A48}) (Version: 7.0.30 - Sage Pastel)
Sage Evolution Inventory Optimisation (HKLM-x32\...\{C7F40648-35C0-41BE-99E6-AB8072DB68B1}) (Version: 7.0.114 - Sage Pastel)
Sage Evolution Mobile Sales (HKLM-x32\...\{06FA5587-1C17-4F64-B733-696ADEE9236A}) (Version: 7.0.120 - Sage Pastel)
Sage Evolution Outlook Add-in (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\0CC5E23BF36330E76AA2C214CF4788DDBCB92E6A) (Version: 7.0.0.12 - Sage Pastel)
Sage Evolution Service Manager (HKLM-x32\...\{ABF08321-CE67-4E06-979B-CE15059F5DDC}) (Version: 7.0.232 - Sage Pastel)
Sage Evolution Voucher Management (HKLM-x32\...\{8471EB46-A2EA-4511-B2F4-A78E86B826FA}) (Version: 7.0.120 - Sage Pastel)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
Schaack Audio Technologies Transient Shaper VST v2.04 (HKLM-x32\...\Schaack Audio Technologies Transient Shaper VST v2.04_is1) (Version: - )
Search App by Ask (HKLM-x32\...\{53475431-2D53-5000-76A7-A758B70C1900}) (Version: 12.25.0.244 - APN, LLC) <==== ATTENTION
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation)
Soundcloud Playlist Downloader (HKU\S-1-5-21-1913415371-4241227638-503936330-1202\...\9d4be2ebecbc4e2b) (Version: 1.0.0.33 - Soundcloud Playlist Downloader)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stutter Edit Expansion 1 (HKLM-x32\...\Stutter Edit Expansion 1_is1) (Version: 1.00 - iZotope, Inc.)
Stutter Edit Expansion 2 (HKLM-x32\...\Stutter Edit Expansion 2_is1) (Version: 1.00 - iZotope, Inc.)
Sugar Bytes Turnado 1.5.1 (HKLM\...\Turnado_is1) (Version: 1.5.1 - Sugar Bytes)
Sugar Bytes WOW2 2.1.1 (HKLM\...\WOW2_is1) (Version: 2.1.1 - Sugar Bytes)
TeamPlayer 2.2.0 (HKLM-x32\...\TeamPlayer_is1) (Version: 2.2.0 - WunderWorks)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.88 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.88 - TuneUp Software) Hidden
Ultimate Vocabulary 2014 (HKLM-x32\...\{E9AFB88A-9133-4348-BE7C-EDEFE0A1B6CF}) (Version: 14.0 - eReflect)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.0.0 - VMware, Inc)
VMware Player (Version: 7.0.0 - VMware, Inc.) Hidden
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.300.42078 - Vodafone)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Waves Complete V9r21 (HKLM-x32\...\{93000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.3.21 - Waves)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinAutomation (Version: 3.1.5.637 - Softomotive Ltd) Hidden
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\moters\supna.dll No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913415371-4241227638-503936330-1202_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JP.AS2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-02 17:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F968657-C409-42F4-BAB8-E9585F47CF7E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {262B9A4A-B208-42FA-BB33-95815D1C57B6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-29] (TuneUp Software)
Task: {5AA832CD-99A2-4D81-8D7C-8E9020763F28} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {69FD544E-F2A4-4B13-A235-2F2CDFFB1400} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {ADDC3DC6-0E73-44D2-B813-770DDEEA6A31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B9E13D31-E182-419E-9EFA-2617E39255F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C48D2698-B5C6-45FC-9F12-4ACE197031D2} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {F06E4151-2915-4E6F-AE85-58681092D2D1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

==================== Loaded Modules (whitelisted) ==============

2013-04-10 07:58 - 2013-04-10 07:58 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-08-29 12:08 - 2013-08-29 12:08 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2010-12-09 16:42 - 2010-12-09 16:42 - 00927744 _____ () C:\Program Files\WinAutomation\System.Data.SQLite.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-19 10:52 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-11-20 18:44 - 2014-11-20 18:44 - 01299136 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913415371-4241227638-503936330-1202\Control Panel\Desktop\\Wallpaper -> C:\Users\JP.AS2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.10

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Evolution Freedom Service => 2
MSCONFIG\Services: Evolution Mobile Service => 2
MSCONFIG\Services: IePluginServices => 2
MSCONFIG\Services: test => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^Users^JP.AS2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: VmbNotifier => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3714125016-866609955-929467234-500 - Administrator - Disabled)
Guest (S-1-5-21-3714125016-866609955-929467234-501 - Limited - Disabled)
JP (S-1-5-21-3714125016-866609955-929467234-1000 - Administrator - Enabled) => C:\Users\JP

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Atheros AR5BWB222 Wireless Network Adapter
Description: Atheros AR5BWB222 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-03-02 17:23:24.837
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-02 17:23:24.822
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-18 12:16:23.991
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-18 12:16:23.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-18 10:12:11.612
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-18 10:12:11.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-04 13:38:22.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-04 13:38:22.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-04 13:35:14.669
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-04 13:35:14.656
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\LENDIG.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 3914.36 MB
Available physical RAM: 2310.98 MB
Total Pagefile: 7556.97 MB
Available Pagefile: 5582.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:198.54 GB) (Free:4.7 GB) NTFS
Drive d: () (Fixed) (Total:500 GB) (Free:2.7 GB) NTFS
Drive z: () (Network) (Total:731.32 GB) (Free:225.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E865E392)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=198.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Uninstall Search App by Ask.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
